Google testing biometric support for Autofill service

Users may be asked for additional verification before Autofill populates apps and forms with sensitive data

Google is toying with adding biometric support to its Autofill service on Android devices, deployed by users to automatically populate online forms and apps with personal and sensitive information.

Android code that hasn’t yet been enabled suggests Google’s built-in service could, in a future update, introduce an additional security layer involving fingerprint scanning or facial recognition, according to XDA Developers

Advertisement - Article continues below

The additional step would be handled through the ‘BiometricPromptAPI’, and would aim to resolve a security concern that has riddled Google’s auto-fill feature for years.

Autofill allows Android users to automatically populate forms and apps with information like passwords, addresses and credit card details, that's synced with their Google account.

With Google’s Android 8 Oreo operating system, the inclusion of an Autofill API opened up support to third-party password managers like LastPass and Dashlane.

Using the equivalent of Autofill with these apps, however, generally requires users to pass an additional layer of security, like a quick fingerprint scan, to verify their identity.

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

Unlike these third-party apps, however, Google’s own feature has never demanded any additional form of authentication.

Attackers, therefore, could in theory gain access to a wealth of sensitive information - including financial data - by just bypassing the passcodes users set that allows access into their devices.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

According to an APK teardown, biometric support options would be enabled within the Autofill settings portion of the Android settings menu, under ‘autofill security’. 

Users could then separately toggle biometric support on or off for payment information and credentials like usernames and passwords.

Biometric security is increasingly being seen as a reliable and secure alternative to traditional passwords and passcodes. The use of password managers, too, is often recommended by security experts as a means of improving cyber hygiene.

Microsoft, for instance, is a company that’s been highly vocal about the need to shift away from conventional passwords and for users to instead embrace biometrics as an alternative. Its chief information security officer Bret Arsenault has in the past called for online passwords to be eliminated entirely.

Embracing biometric support completely, however, presents its own security challenges, as the Biostar 2 data breach showed, with the nature of the biometric data taken for more permanent than usernames and passwords, which are stolen in most other breaches.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020