Welcome to the new way to access apps on Android OS. Google propelled the first-of-its-kind FIDO2 API developed by FIDO Alliance that lets the user authenticate their credentials using biometrics.
Nobody likes remembering complex passwords containing uppercase letters, lowercase, and numbers, special characters but it is what makes an app or service secure on Android as of now. If you skip it, then you are looking after PIN, Patterns, passcodes to authenticate identity to access an app. Even the two-factor authentication system is secure but annoying since you need to types of passwords to access an app. Well, Google and FIDO Alliance have developed a system that would allow apps to access using fingerprints as authentication but it is not that simple.
As simplified by The Verge, apps use a ‘shared secret’ model where the biometrics of the users are shared to the server to authenticate a user. However, FIDO2 API uses an asymmetric model where the biometrics are stored locally on the device. The biometrics are essentially ciphered using required cryptography where the server-side of an app doesn’t actually know the biometrics but usually a key or a ‘secret’ that could present proof of the user’s identity.
Google has already pushed out the FIDO2 API update with its Google Play Services update that you’ll receive shortly. The authentication system will work on all smartphones running on Android 7.0 Nougat and above. For smartphones running below Nougat, Google has backed the phones with other types of authentication systems such as PIN, passwords, etc.
The API is followed by a handful of apps including Firefox, Edge, and Chrome on Android devices and soon, it will surface on other apps as and when the developers include FIDO2 API with their apps and release an update on Google Play Store.
Out of the total Android-supported devices out there, about 50% still run on Android 6.0 and older which means Google has covered more than half of the user base with FIDO2 biometric authentication system which is roughly billions of devices. However, Android suffers from severe OS fragmentation, unlike Apple iOS which has recorded a higher adoption rate.