Fingerprint Recognition
FingerprintView is the class you can use to register or verify an user based on his/her fingerprints.
This biometric view uses the built-in sensor of the smartphone or tablet.
Neither Android nor iOS let any third-party application to access to the actual user's fingerprint information. Both systems expose a different API which basically let you know if the user's has any fingerprint registered on the device (using the device's operating system to do so) and authenticate the user.
MobbID SDK offers a commons API for Android, iOS and Xamarin to use the fingerprint feature with the same approach for both system and also with the same API that the other biometric methods available in the SDK. It also enable the use of the fingerprint feature for online scenarios, as well as offline. The SDK offers a easy and convenient way to enable fingerprint capabilities in your app.
Device compatibility
FingerprintView could only be used with fingerprint-enabled devices. That means devices that have a fingerprint sensor and comply with the software/hardware requirements.
The SDKs offers methods to check whether the device is compatible with the fingerprint method or not
// Assuming the fingerprint view is already created...
boolean isSupported = fingerprintView.isSupportedByDevice();
BOOL isSupported = [FingerprintView isSupportedByDevice];
// Assuming the fingerprint view is already created...
boolean hasEnrolledFingerprints = fingerprintView.hasDeviceEnrolledFingerprints();
BOOL hasEnrolledFingerprints = [FingerprintView hasDeviceEnrolledFingerprints];
Enrollment
To register/enroll an user in the fingerprint method with the MobbID SDK is required that the user has already register at least one of his/her fingerprint on the device itself.
If the user does not have any fingerprint registered the FingerprintView will return an error letting you know that the user is not allowed to be registered in this method.
Once the enrollment is done, the MobbID SDK would be able to detect changes on the device's fingerprint configuration so you could act accordingly (revoking the user's access through fingerprint and forcing them to verify their identity by any other method you deem neccesary: some other biometric method, pin, password, etc.).
Verification
Once the user is enrolled in the fingerprint method the SDK will let you verify his/her identity easily.
Basically when you try to verify the user, you will present them an UI instructing the user to use the fingerprint sensor and the SDK will give you the usual "user verified" or "user not verified" message.
There are some differences in the behaviour between iOS and Android imposed by the operating system themselves:
| Operation | iOS | Android | Comment |
|---|---|---|---|
| Customise the UI of the view | X | √ | iOS always shows the default fingerprint UI dialog and does not let you customise it. In Android you can fully customise your UI |
| Add new fingerprint to the device's configuration | √ | √ | The SDK would return an error ERROR_FINGERPRINT_CONFIGURATION_CHANGED on the verification pointing out the device's fingerprint configuration has changed and disabling the user's fingerprint access until you register him/her again (it's recommended that you ensure the user's identity by other method, biometric ot not, before invoking the enrollment process again) |
| Remove existing fingerprint from the device's configuration | √ | X | iOS and Android manage this situation differently. iOS would treat it as a security issue, the same way as if the user've added a new fingerprint, so you should expect a ERROR_FINGERPRINT_CONFIGURATION_CHANGED. In Android it could not be detected so the user would be able to verify as usual |