Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure

Google recently announced that it will add a brand-new anti-spoofing feature to its Android operating system that will increase the security of the biometric authentication system.

Fingerprint, face or IRIS technology are a part of the system of biometric authentication. These features simplify the process of unlocking a device and several applications. Not only are they quick, but they ensure security as well. biometric systems certainly aren’t infallible. There have been several instances in the past wherein the biometric scanners fell victim to spoofing attacks. In fact, it is quite easy to fool these security systems.
So, Google’s announcement of an anti-spoofing feature will improve the security of these biometric features that are available on Android. Also, this enhanced feature will enable the Android app developers to seamlessly integrate this new safety feature into the apps while ensuring that the user’s data stays safe.

At present, the authentication system on Android uses two different metrics and they are FAR (False Reject Rate) and FAR (False Accept Rate), along with different techniques of machine learning to gauge the accuracy as well as the precision of the input fed by the user.

There are certain times when the biometric model might falsely classify an incorrect input as the intentional target of the user, and this is determined by the FAR. On the other hand, FRR denotes the number of times the biometric model has falsely classified the user’s input as being incorrect even though it was correct.

For the sake of convenience, there are certain biometric scanners that allow authentication of users with a rather high rate of false-acceptances and this leaves the device vulnerable to spoofing attacks. To fix this issue, apart from the usual metrics of FAR and FRR, Google has introduced SAR (Spoof Accept Rate) and IAR (Impostor Accept Rate) too strengthen the biometric authentication system.

All these metrics help measure the ease with which an attacker can bypass the system of biometric authentication.

According to the biometric input of the user, the values of the SAR/IAR metric can be defined as strong (values equal to or less than 7) or a weak biometric (value is higher than 7). If these values can be categorized as a weak biometric while the user unlocks the device or an app, then Android Pie will apply an alternate authentication system. The device may prompt the user to re-enters the PIN, pattern, password, or even try the biometric again. This new mechanism will certainly improve the security of the user’s data.