问题
I have a biometric USB fingerprint sensor for android devices. I want to develop an application that reads a user's fingerprint via sensor and store it into an SQLite database so that it can be verified when the user login. So, Are there any tutorials or code samples that explain how to do that? Thanks In Advance.
回答1:
Reading users biometric materials and storing them in an SQLite database seems a suspect usage of biometrics on Android. Normally quite a bit of security measures go into collecting a user's biometrics material on Android. On approved Android devices, no third party app can read a user's biometric material. The way it works is the third party app gets confirmation from the Framework that indeed the user registered on the device is the same user who just now authenticated.
It normally goes like this:
User registered their biometric materials with the device usually through the device Settings -- this is securely handled by the device implementation/OEM.
Some time later, a third party app wants a user to authenticate using biometrics.
The app relays the user's wish to the Framework.
The framework handles the authentication. The user, in the case of fingerprint biometrics, taps their fingerprint on the sensor and the sensor checks if the new fingerprint matches a pre-registered template.
The framework tells the third party app yes the fingerprint matches the template that was register with the device -- or no this fingerprint is not recognized. But at no point is the biometric material of a user itself shared with a third party app or allowed to leave the device.
So...yeah, your use case sounds suspect.
You may find more info on recommended implementation here.
来源:https://stackoverflow.com/questions/58827877/android-biometric-usb-fingerprint-authentication-tutorial