How to detect if the user add new fingerprint to Android settings after he/she authenticate finger inside my application ?
i.e. iOS have something called (evaluatedPolicyDomainState) to detect changes in fingerprint catalog what is the alternative in Android ?
This require for security reasons to prompt password in this case
From the documentation for setUserAuthenticationRequired:
The key will become irreversibly invalidated once the secure lock screen is disabled (reconfigured to None, Swipe or other mode which does not authenticate the user) or when the secure lock screen is forcibly reset (e.g., by a Device Administrator). Additionally, if the key requires that user authentication takes place for every use of the key, it is also irreversibly invalidated once a new fingerprint is enrolled or once no more fingerprints are enrolled, unless
setInvalidatedByBiometricEnrollment(boolean)is used to allow validity after enrollment. Attempts to initialize cryptographic operations using such keys will throw KeyPermanentlyInvalidatedException.
So to check if any new fingerprints have been enrolled since you created your fingerprint-associated key, just create a cipher with that key and try to init the cipher. If any new fingerprints have been enrolled, the init call should trigger a KeyPermanentlyInvalidatedException.
KeyPermanentlyInvalidatedException. –
Odorous I can get all finger id in integers.
private void getFingerprintInfo(Context context)
{
try {
FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
Method method = FingerprintManager.class.getDeclaredMethod("getEnrolledFingerprints");
Object obj = method.invoke(fingerprintManager);
if (obj != null) {
Class<?> clazz = Class.forName("android.hardware.fingerprint.Fingerprint");
Method getFingerId = clazz.getDeclaredMethod("getFingerId");
for (int i = 0; i < ((List) obj).size(); i++)
{
Object item = ((List) obj).get(i);
if(item != null)
{
System.out.println("fkie4. fingerId: " + getFingerId.invoke(item));
}
}
}
} catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException | ClassNotFoundException e) {
e.printStackTrace();
}
}
please refer to this: https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/hardware/fingerprint/Fingerprint.java
there is a public method getFingerId( ), but it is not available for us to call because it has "@UnsupportedAppUsage".
so you need to use reflection to call the method. after you get a list of fingerprint id, you can encrypt them and store in sharedPreference.
Finger id is the id of the fingerprints stored in setting
After you get all finger ids, you can determine if user has added/deleted a fingerprint.
No need to count on the KeyPermanentlyInvalidatedException. It is not thrown in Android 8.0
Good luck!!!...
don't believe google did such a poor job
getEnrolledFingerprints has sadly been greylisted (check here for info), which means this won't work if your app targets API 29+. –
Erlin getFingerId() not return a valid fingerId on Samsung devices, it return an index (1, 2, 3, ...) that can not be useful to check if a new fingerprint is added. <br/> Also there are 4 other function that i tested but not very usefull like : getName() , getGroupId() , getDeviceId() and describeContents().<br/> The getName()may can be usefull if it is concatenated with index but the problem here is when you delete the last fingerprint saved and create other with the same name –
Vocation private String getFingerprintInfo(Context context) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException, ClassNotFoundException {
FingerprintManager fingerprintManager = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
Method method = FingerprintManager.class.getDeclaredMethod("getEnrolledFingerprints");
Object obj = method.invoke(fingerprintManager);
String allFingerPrintInfo = "";
if (obj != null) {
Class<?> clazz = Class.forName("android.hardware.fingerprint.Fingerprint");
for (int i = 0; i < ((List) obj).size(); i++) {
Object fingerPrint = ((List) obj).get(i);
if (fingerPrint != null) {
String fingerPrintInfo = "";
if (Build.VERSION.SDK_INT > Build.VERSION_CODES.P) {
Parcel p = Parcel.obtain();
p.setDataPosition(0);
// Method writeToParcel = clazz.getDeclaredMethod("writeToParcel", Parcel.class, Integer.class);
clazz.getDeclaredMethods()[1].invoke(fingerPrint, p, 0);
p.setDataPosition(0);
fingerPrintInfo = p.readString() + "_" + p.readInt() + "_" + p.readLong();
} else {
Method getFingerId = clazz.getDeclaredMethod("getFingerId");
fingerPrintInfo = (String) getFingerId.invoke(fingerPrint);
}
allFingerPrintInfo += fingerPrintInfo + "*";
}
}
}
return allFingerPrintInfo;
}
/**
* Generate NIST P-256 EC Key pair for signing and verification
*
* @param keyName
* @param invalidatedByBiometricEnrollment
* @return
* @throws Exception
*/
@TargetApi(Build.VERSION_CODES.P)
private KeyPair generateKeyPair(String keyName, boolean invalidatedByBiometricEnrollment) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyName,
KeyProperties.PURPOSE_SIGN)
.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
.setDigests(KeyProperties.DIGEST_SHA256,
KeyProperties.DIGEST_SHA384,
KeyProperties.DIGEST_SHA512)
// Require the user to authenticate with a biometric to authorize every use of the key
.setUserAuthenticationRequired(true)
.setInvalidatedByBiometricEnrollment(invalidatedByBiometricEnrollment);
keyPairGenerator.initialize(builder.build());
return keyPairGenerator.generateKeyPair();
}
You can't add new fingerprints from your app.
Inside your application you only have access to the Auth Fingerprint Method which checks against registered fingerprints through the keyStore.
© 2022 - 2024 — McMap. All rights reserved.