Google is toying with adding biometric support to its Autofill service on Android devices, deployed by users to automatically populate online forms and apps with personal and sensitive information.
Android code that hasn’t yet been enabled suggests Google’s built-in service could, in a future update, introduce an additional security layer involving fingerprint scanning or facial recognition, according to XDA Developers.
The additional step would be handled through the ‘BiometricPromptAPI’, and would aim to resolve a security concern that has riddled Google’s auto-fill feature for years.
Autofill allows Android users to automatically populate forms and apps with information like passwords, addresses and credit card details, that's synced with their Google account.
With Google’s Android 8 Oreo operating system, the inclusion of an Autofill API opened up support to third-party password managers like LastPass and Dashlane.
Using the equivalent of Autofill with these apps, however, generally requires users to pass an additional layer of security, like a quick fingerprint scan, to verify their identity.
RELATED RESOURCE
Unlike these third-party apps, however, Google’s own feature has never demanded any additional form of authentication.
Attackers, therefore, could in theory gain access to a wealth of sensitive information - including financial data - by just bypassing the passcodes users set that allows access into their devices.
According to an APK teardown, biometric support options would be enabled within the Autofill settings portion of the Android settings menu, under ‘autofill security’.
Users could then separately toggle biometric support on or off for payment information and credentials like usernames and passwords.
Biometric security is increasingly being seen as a reliable and secure alternative to traditional passwords and passcodes. The use of password managers, too, is often recommended by security experts as a means of improving cyber hygiene.
Microsoft, for instance, is a company that’s been highly vocal about the need to shift away from conventional passwords and for users to instead embrace biometrics as an alternative. Its chief information security officer Bret Arsenault has in the past called for online passwords to be eliminated entirely.
Embracing biometric support completely, however, presents its own security challenges, as the Biostar 2 data breach showed, with the nature of the biometric data taken for more permanent than usernames and passwords, which are stolen in most other breaches.
-
Five things to consider before choosing an MFA solutionIn-depth Because we all should move on from using “password” as a password
-
The IT Pro Podcast: Going passwordlessIT Pro Podcast Something you are, or something you have, could be more important than a password you know in the near future
-
Podcast transcript: Going passwordlessIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
UK police fails ethical tests with "unlawful" facial recognition deploymentsNews A University of Cambridge team audited UK police use of the tech and found frequent ethical and legal shortcomings
-
Snapchat settles for $35 million in Illinois biometrics lawsuitNews The social media giant had been accused of improperly collecting, storing facial geometry in violation of state legislation
-
Home Office to collect foreign offenders' biometric data using smartwatch schemeNews Facial recognition and geolocation data will be matched against Home Office, Ministry of Justice and police databases
-
Southern co-operative faces legal complaint for facial recognition CCTVNews Rights group Big Brother Watch has written to the Information Commissioner to “stop unlawful processing”
-
Amazon gave police departments Ring footage without permissionNews The tech giant has done this 11 times this year
