Using biometric authentication

      Technique summary
    Technique Biometric authentication
    Against Clickers, disk attacks
    Limitations Only devices where biometric authentication is available and turned on
    Side effects None
    Recommendations A great technique for authentication, however not effective at deterring malware when used on its own

    During crucial application workflows, such as confirming a bank transfer, it is recommended to use biometrics as an added layer of security.

    Unlike entering a passcode, accessibility services cannot verify any biometric actions. If your platform provides the option to add a description to the biometric screen, it is advisable to use it, as the system prohibits any services from tampering with it.


    Example of biometric authentication being used in an application

    Find more information and instruction for use of biometric authentication in the Google Developers documentation.

    Residual risks

    Malware that has device admin privileges or an accessibility service can disable the use of biometric authentication on the device globally. Therefore, other protections against malicious accessibility services apply.


    Table of contents