Google testing biometric support for Autofill service

Users may be asked for additional verification before Autofill populates apps and forms with sensitive data

Google is toying with adding biometric support to its Autofill service on Android devices, deployed by users to automatically populate online forms and apps with personal and sensitive information.

Android code that hasn’t yet been enabled suggests Google’s built-in service could, in a future update, introduce an additional security layer involving fingerprint scanning or facial recognition, according to XDA Developers

The additional step would be handled through the ‘BiometricPromptAPI’, and would aim to resolve a security concern that has riddled Google’s auto-fill feature for years.

Autofill allows Android users to automatically populate forms and apps with information like passwords, addresses and credit card details, that's synced with their Google account.

With Google’s Android 8 Oreo operating system, the inclusion of an Autofill API opened up support to third-party password managers like LastPass and Dashlane.

Using the equivalent of Autofill with these apps, however, generally requires users to pass an additional layer of security, like a quick fingerprint scan, to verify their identity.

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

Unlike these third-party apps, however, Google’s own feature has never demanded any additional form of authentication.

Attackers, therefore, could in theory gain access to a wealth of sensitive information - including financial data - by just bypassing the passcodes users set that allows access into their devices.

According to an APK teardown, biometric support options would be enabled within the Autofill settings portion of the Android settings menu, under ‘autofill security’. 

Users could then separately toggle biometric support on or off for payment information and credentials like usernames and passwords.

Biometric security is increasingly being seen as a reliable and secure alternative to traditional passwords and passcodes. The use of password managers, too, is often recommended by security experts as a means of improving cyber hygiene.

Microsoft, for instance, is a company that’s been highly vocal about the need to shift away from conventional passwords and for users to instead embrace biometrics as an alternative. Its chief information security officer Bret Arsenault has in the past called for online passwords to be eliminated entirely.

Embracing biometric support completely, however, presents its own security challenges, as the Biostar 2 data breach showed, with the nature of the biometric data taken for more permanent than usernames and passwords, which are stolen in most other breaches.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021