The security novelty of Android 10 that is less talked about

On September 3 Android 10 came to Pixel phones, a version that a priori does not seem to integrate too many changes and that have mostly been overshadowed by the extremely popular dark mode. A version that 90 days later was already on a large list of devices, which is still on the rise.

Privacy and security are areas in which Google has worked hard for this latest update. One of the features that we liked the most has been to give permission to the applications for the location only when they are active, but it is not by far the only interesting one. And today we are going to talk about another very interesting feature.

Biometric API: the tool that gives more security to applications

For many years now Biometrics is part of the security of our mobiles. Perhaps the word may sound strange to you, but when we talk about biometrics we refer to the use of the fingerprint reader or facial recognition, as well as any technology that uses our features as "password."

Although on Android let's take a long time using the fingerprint reader, it is true that the biometric security system needed certain reforms. For example, at present, if we want to use our bank's application, we have the possibility to verify that it is us using the fingerprint. And how does the application know that this footprint is ours if we have not registered it?

The ability to use the fingerprint as a password for applications came in Android 6.0 with a system API called Fingerprint. An API is a set of tools (created in this case by Google, for Android) that allow the developers of an application to use a system feature.

In this specific case, the Fingerprint API acts as an intermediary between the application that requests it and the system itself. The application is in no case reading or storing our information, but instead invokes that system tool so that we set the mark. Finally, the application will receive an answer if it is us or not, instead of having access to our information.

But what if I do not want to use the fingerprint reader and I want to enter the application of my bank with facial recognition? Well, until Android 10 you can't do it. And we tell you why.

Google has decided to extend the functionality of the fingerprint reader API (and in fact, it is obsolete already) to something they have named as Biometric API. What does this new tool do? Well, giving applications the same ability to verify a person, but instead of using the fingerprint, it allows you to use facial recognition or any other method.

Use of Biometric API with iris scanner (Via).

It seems that this method is not as easy to implement as "every system that has Android 10 supports any identification." Cause for this is the news they have commented on Android Police, where Samsung has added in its Android 10 beta for the Galaxy S9 and Note 9 the support of the iris scanner for that API.

What implication does this have in the future? Well, in this specific case, when a user of the Galaxy S9 or Note 9 access an application that uses Biometric API (most likely the first ones are banking and mobile payment applications) as the user can access with his fingerprint or with the iris scanner.

Of course, it is a very important change with many challenges ahead, since double responsibility seems to be necessary: first by manufacturers (to make their methods compatible with the API) and on the other hand, by developers.