Google released the new
BiometricPrompt as a replacement for
FingerprintManager last September. We decided to test out whether we would be able to integrate it in our Android library which simplifies fingerprint authentication, called the Goldfinger–and whether a library like Goldfinger would even be necessary with the new API.
FingerprintManager vs. BiometricPrompt
During Google I/O ’18, Google announced
BiometricPrompt which is used as a replacement for
BiometricPrompt should choose the most appropriate biometric (fingerprint, face, iris) and display system dialog so that users have consistent behavior across all applications.
BiometricPrompt was introduced as an Android P feature, but Google also mentioned backwards-compatible
BiometricPrompt, similar to how
Google finally released the first alpha version of
androidx.biometrics library last September. While we expected the development of the library to be fast, it was stuck in the alpha version for almost a year. There was even an issue open!
At last, they released the
beta1 version in August. We tested the
beta1 version and were quite happy with how it works. There are several smaller issues, but those should be resolved by the time a stable version is released, hopefully.
Replacing FingerprintManager in Goldfinger
Two years ago, we created an Android library that simplifies Fingerprint authentication called Goldfinger. Our library was using deprecated
FingerprintManager to that point, so we wanted to test out if we would be able to integrate
BiometricPrompt in it, and whether a library like Goldfinger would even be neccessary with the new API.
We came to the conclusion that
FingerprintManager APIs are almost the same. The biggest improvement over
FingerprintManager is that you don’t even need to know what
CryptoObject is if you need simple user authentication without data encryption.
All other complexities regarding user authentication are still there–
CryptoObject creation if a cipher is needed, cancel dispatched as an error after the developer invokes cancel himself, save and restore initialization vector, and others. For all those reasons, we decided to refactor Goldfinger’s internals to use the new
Welcome Goldfinger 2.0
Nowadays, Goldfinger API uses
BiometricPrompt and has a new API that requires
Goldfinger.PromptParams are constructed via a builder pattern and you give it all values that are required for constructing
BiometricPrompt. Afterwards, Goldfinger encapsulates all biometric complexities for you.
CryptoObject asynchronously, starts biometric authentication, saves and restores initialization vector, handles weird edge cases introduced by on-screen fingerprint scanners, handles all system exceptions and returns them in a single callback, as well as offers you a separate Rx module.
Feedback is welcome
The current version is still a release candidate so we are looking for potential improvements and suggestions from the community. We plan on releasing the final, stable version as soon as
androidx.biometrics leaves beta–feel free to drop us a comment, suggestion or even a pull request so that we can prepare Goldfinger 2.0 to be the best possible.