3

I am looking for retrieving Fingerprint data to be sent to server backend. My application is used by sales team and whenever there is new customer, the sales will ask customer to scan his fingerprint (and eventually send them to corporate server).

Is it possible to do it using latest API/SDK available out there?

AFAIK, Samsung SDK doesn't provide it, nor Android Marhsmallow.

Rendy
  • 5,572
  • 15
  • 52
  • 95
  • Do some reading on Trusted Execution Environments and how Android implements them. It will explain why this isn't possible and the reason for it being impossible. – aminner Aug 25 '15 at 18:29
  • Do you refer to this? http://www.androidauthority.com/arms-built-security-might-just-get-rid-password-397924/ – Rendy Aug 26 '15 at 02:06
  • Yep, that's one of the better explanations. – aminner Aug 26 '15 at 11:27
  • 2
    Wow - the reason you've included is truly horrifying. Would anyone agree to have their fingerprints scanned just because they are a customer? Care to share which company this is? – adelphus Aug 27 '15 at 17:03
  • I don't know. I will never become their customer because they will implement this. It is a bank. – Rendy Aug 28 '15 at 01:04

3 Answers3

4

Neither, the fingerprint image nor its features are accessible by the API. From Android website I quote:

Thus, raw images and processed fingerprint features must not be passed in untrusted memory. All such biometric data needs to be secured within sensor hardware or trusted memory. (Memory inside the TEE is considered as trusted memory; memory outside the TEE is considered untrusted.)

Sourav Ghosh
  • 1,964
  • 4
  • 33
  • 43
eldjon
  • 2,800
  • 2
  • 20
  • 23
2

I seriously doubt you can get raw fingerprint data because it is used as an authentication method.

In the same way that you can't retrieve the device password, you won't be able to get fingerprint data. It would be a significant security risk to do so.

adelphus
  • 10,116
  • 5
  • 36
  • 46
  • Yes I agree with you. AFAIK that fingerprint only can be used for authentication only, not storing and sending it to server. – Rendy Aug 22 '15 at 15:52
0

As mentioned before, the Fingerprint API's won't allow you access to the raw data.

But there is a different solution. Don't use the Fingerprint scanner. Instead use the camera.

Eric Aya
  • 69,473
  • 35
  • 181
  • 253
FrankkieNL
  • 711
  • 9
  • 22