The Biometric Sensor SDK provides facilities to use biometric authentication for secure user identification. This increases user convenience during the identification process, yet maintains solution security. The SDK also provides methods to test whether biometric authentication is supported by the platform and if the user enabled it on the device before the actual biometric verification. This means that the device should have registered at least one fingerprint, face, or iris before the authentication.

The OneSpan Biometric Sensor SDK supports Touch ID and Face ID technologies, depending on the device used.

The Biometric Sensor SDK can be used on devices with biometric sensors. It supports the following platforms.

Android devices:

  • Minimum Android 6 (API level 23)
  • Target Android 14 (API level 34)
  • Devices with Android P and later support different authentication methods like fingerprint recognition, face recognition, iris scan etc. (depending on the system configuration). Devices with earlier versions of Android support only authentication via fingerprint recognition.

iOS devices:

  • iOS 13 or higher
  • Swift 5.0 or higher
  • Xcode 15 or higher

The OneSpan Biometric Sensor SDK allows customization of specific parts of the SDK, depending on the operating system:

  • Android: title, subtitle, description, and text of the Minus button of the biometric prompt, and the message for a failed authentication.
  • iOS: the fallback text mechanism and the description for the authentication operation.

The Biometric Sensor SDK product package contains the following:

  • MSSBiometricSensor.xcframework for iOS
  • BiometricSensorSDK.aar for Android

As of OneSpan Mobile Security Suite 4.20.0, the integration of the Biometric Sensor SDK has changed for Android. For instructions on how to integrate the SDK, see Integrate the Biometric Sensor SDK.

Detecting changes in the currently enrolled biometry set

Android

There are two APIs that detect if the biometry has changed from the time of previous execution. Please note that due to an Android limitation, the API can only detect if a new fingerprint was added. The API cannot detect if a fingerprint was removed.

  • isBiometryChanged() is used to detect whether the biometry has changed from the last invocation. This method returns true if a new fingerprint was added and false if no new fingerprints are detected. This API will return a BiometricSensorSDKException with the error code BIOMETRY_DETECTION_NOT_INITIATED if the detection was not initialized properly.
  • initiateBiometryChangeDetection(Context) is used to properly initiate or reset the change detection. This needs to be called before the call to isBiometryChanged().

These APIs also throw exceptions with the following error codes:

Error Code Description
NO_BIOMETRY_ENROLLED Returned if there is no fingerprint enrolled on the device.
INTERNAL_ERROR Returned if an internal error occurred.

For more details, refer to the code sample included in the product package.

To utilize the new APIs for biometric change detection:

  1. Call initiateBiometryChangeDetection(Context) to initiate the change detection.
  2. Call isBiometryChanged() to detect if there is any additions to the biometry.
  3. If there is any change in biometry, the previous API will return true. All subsequent calls to isBiometryChanged() will return true.
  4. If you want to reset this state, call initiateBiometryChangeDetection(Context). After this call is successful, the call to isBiometryChanged() will return false.

iOS

On iOS, the optional property, currentlyEnrolledBiometrySet, provides data on the current set of enrolled biometrics. The value of this property can be used to determine whether the authorized database has been updated. However, the nature of the change cannot be determined (for example, deletions or additions). If there are no biometric enrollments on the device, the property is nil. It is the integrator's responsibility to store the value to be able to compare it with the value returned by the SDK in future.