Kotlin Biometric Authentication (KBA)
The fingerprint feature was first introduced in Android v.6.0 as a new security feature that can confirm the identity of the original user with just one touch. So far, fingerprint is still mostly used on the lock screen and is not widely applied to strengthen the security of an application, even though it is entirely possible to do so, especially for sensitive applications such as payment apps. Providing an alternative login authentication, other than username & password, with one touch of a fingerprint gives users more convenience.

In this experiment, I will show you how to create a fingerprint prototype, which you can then apply to any Android project.

The general flow of this prototype is that users first register their fingerprints on an Android device (at least 1 fingerprint needs to be registered).

In addition, we will also test how this application runs on devices that do not support fingerprints, such as Android Virtual Devices (AVDs) / emulators. Of course we can't just ignore this case; we have to handle this exception in the UI / UX.

Why Do I Care About Fingerprint Authentication?

Adding fingerprint authentication to a project complicates your app's authentication logic, so the question is whether it is worth the benefits you get. This is worth understanding and considering before you execute it on a production project.

The fastest & most convenient way to identify genuine users. It is undeniable that the traditional PIN, pattern or password are the most effective and secure methods, but they cannot avoid human error such as forgetting or a typo during the authentication / login process, so the fingerprint is a solution to overcome human error.

Users are unlikely to forget their fingerprints. In general, users choose long and strong passwords; on the other hand, users also use other applications to support their daily activities, and the best practice for securing accounts is "don't use the same password for different accounts". This has the potential for human error such as forgetting, or writing down passwords in unsafe places, so the presence of fingerprints is still very relevant.

Anti typo or keyboard fatigue. Passwords are not only long and complex; sometimes the user's keyboard is difficult to reach in busy and noisy situations, and the small screen of the user's mobile device adds to the fatigue. Up to this point the presence of fingerprints is still very relevant.

No need to bother recovering or resetting passwords. The misfortune that threatens many account owners is forgetting passwords. Although this can be overcome by resetting the password, it takes a lot of the user's time to recover it, because they have to go through a long-winded procedure, not to mention that the new password must not be the same as the old one, which burdens their memory by having to remember new things again.

Each user's fingerprint is unique and impossible to guess. One of the gifts of God Almighty that we should be grateful for. No one can guess a user's fingerprint, not even spyware, although there is no 100% guarantee of security for any app on this earth.

Biometric login provides a convenient method for authorizing access to private content within your app. Instead of having to remember an account username and password every time they open your app, users can simply use their biometric credentials to confirm their presence and authorize access to private content.

What does it take to build this feature?

  • Android Studio minimum version 3.6 or above
  • Android devices running on Android OS 8.0 (Oreo) or above, and of course those with embedded biometric sensors.
  • Knowledge of Android development and the Kotlin language.

What will we do?

Frankly, it would be very ineffective if I made the same tutorial that the Google codelab team has already made, so I will only review the fundamental parts that I have successfully implemented in my project. Before starting, it's a good idea to see how this prototype works by cloning it and running it on your device.

git clone https://github.com/googlecodelabs/biometric-login.git

1. No need for permission in the manifest

Reviewing the tutorials scattered around the internet, I often find that they still declare a feature and a permission in their manifest to access biometric sensors, like this for example.

<uses-feature android:name="android.hardware.fingerprint"
    android:required="true" />

and this,

<uses-permission
    android:name="android.permission.USE_FINGERPRINT" />

I suggest not using that outdated method. The best way is to follow the instructions made by the Google team in their codelab, so we just use the following dependency.

dependencies {
   implementation "androidx.biometric:biometric:1.0.1"
}

Configuring Biometrics to Login Page

  1. I assume you already have an application with a standard login form.
  2. We need to create a class CryptographyManager that we assign to manage the encryption & decryption process.
  3. We also need to create a class BiometricPromptUtils, which builds the BiometricPrompt that we will need to call later.

Cryptography Manager

The core of this biometric authentication API is the call to BiometricPrompt. The data class that we use to communicate with the API is CryptoObject, which requires a Cipher, a MAC, a Signature, or an IdentityCredential as its parameter; in this case I chose to use Cipher.

General description

Frankly, I did not implement everything in the Google codelab module, I only implemented the gist of it, and of course this is still a prototype because I still store the encrypted data locally (SharedPreferences), even though in the real business logic all of this sensitive data is placed on the server.

In general, the workflow of this biometric prototype is as follows.

POST

register identity (username + password + fingerprint) -> encryption -> save locally / save in the cloud

GET

fetch encrypted data from local / cloud -> authorization (fingerprint) -> decrypt -> PASS / REJECT
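As an added example (not the page's own code, nor the codelab's), here is how the CryptographyManager described above can be written so that the AES key lives in the Android Keystore and is only usable after the BiometricPrompt succeeds; the Cipher it returns is what gets wrapped in BiometricPrompt.CryptoObject for the encryption step of the POST flow and the decryption step of the GET flow. The key name, the CiphertextWrapper class and the method names are assumptions.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// What gets stored (locally or in the cloud): the ciphertext plus the IV needed to decrypt it.
data class CiphertextWrapper(val ciphertext: ByteArray, val initializationVector: ByteArray)

class CryptographyManager {
    private val keystoreName = "AndroidKeyStore"
    private val transformation = "AES/GCM/NoPadding"

    // POST flow: cipher for encrypting the identity; pass it as BiometricPrompt.CryptoObject(cipher).
    fun getInitializedCipherForEncryption(keyName: String): Cipher {
        val cipher = Cipher.getInstance(transformation)
        cipher.init(Cipher.ENCRYPT_MODE, getOrCreateSecretKey(keyName))
        return cipher
    }

    // GET flow: cipher for decrypting, bound to the IV saved alongside the ciphertext.
    fun getInitializedCipherForDecryption(keyName: String, iv: ByteArray): Cipher {
        val cipher = Cipher.getInstance(transformation)
        cipher.init(Cipher.DECRYPT_MODE, getOrCreateSecretKey(keyName), GCMParameterSpec(128, iv))
        return cipher
    }

    // Only call these with the cipher returned in onAuthenticationSucceeded (result.cryptoObject?.cipher);
    // the Keystore rejects doFinal on an unauthenticated key.
    fun encryptData(plaintext: String, cipher: Cipher): CiphertextWrapper =
        CiphertextWrapper(cipher.doFinal(plaintext.toByteArray(Charsets.UTF_8)), cipher.iv)

    fun decryptData(ciphertext: ByteArray, cipher: Cipher): String =
        String(cipher.doFinal(ciphertext), Charsets.UTF_8)

    private fun getOrCreateSecretKey(keyName: String): SecretKey {
        val keyStore = KeyStore.getInstance(keystoreName).apply { load(null) }
        keyStore.getKey(keyName, null)?.let { return it as SecretKey }
        val spec = KeyGenParameterSpec.Builder(
            keyName, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setKeySize(256)
            .setUserAuthenticationRequired(true)         // key unusable until the biometric prompt passes
            .setInvalidatedByBiometricEnrollment(true)   // a newly enrolled fingerprint invalidates the key
            .build()
        return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, keystoreName)
            .apply { init(spec) }.generateKey()
    }
}
```

Because the key is invalidated when a new fingerprint is enrolled, the GET flow must catch KeyPermanentlyInvalidatedException from cipher.init and fall back to the username & password login before re-registering.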

