BiometricManager.Authenticators

public interface BiometricManager.Authenticators

Types of authenticators, defined at a level of granularity supported by BiometricManager and BiometricPrompt.

Types may combined via bitwise OR into a single integer representing multiple authenticators (e.g. DEVICE_CREDENTIAL | BIOMETRIC_WEAK).

See also
canAuthenticate
setAllowedAuthenticators

Summary

Constants
default static final int

Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Class 3 (formerly Strong), as defined by the Android CDD.
default static final int

Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Class 2 (formerly Weak), as defined by the Android CDD.
default static final int

The non-biometric credential used to secure the device (i.e. PIN, pattern, or password).
default static final int
@RequiresPermission(value = "android.permission.SET_BIOMETRIC_DIALOG_ADVANCED")
IDENTITY_CHECK = 65536

The bit is used to request for Identity Check.

Constants

BIOMETRIC_STRONG

Added in 1.1.0
default static final int BIOMETRIC_STRONG = 15

Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Class 3 (formerly Strong), as defined by the Android CDD.

BIOMETRIC_WEAK

Added in 1.1.0
default static final int BIOMETRIC_WEAK = 255

Any biometric (e.g. fingerprint, iris, or face) on the device that meets or exceeds the requirements for Class 2 (formerly Weak), as defined by the Android CDD.

Note that this is a superset of BIOMETRIC_STRONG and is defined such that BIOMETRIC_STRONG | BIOMETRIC_WEAK == BIOMETRIC_WEAK.

DEVICE_CREDENTIAL

Added in 1.1.0
default static final int DEVICE_CREDENTIAL = 32768

The non-biometric credential used to secure the device (i.e. PIN, pattern, or password). This should typically only be used in combination with a biometric auth type, such as BIOMETRIC_WEAK.

IDENTITY_CHECK

Added in 1.4.0-alpha04
@RequiresPermission(value = "android.permission.SET_BIOMETRIC_DIALOG_ADVANCED")
default static final int IDENTITY_CHECK = 65536

The bit is used to request for Identity Check. Identity Check is a feature added in API 36, which requires class 3 biometric authentication to access sensitive surfaces when the device is outside trusted places.

The requirements to trigger Identity Check are as follows:

  1. User must have enabled the toggle for Identity Check in settings
  2. User must have enrollments for at least one BIOMETRIC_STRONG sensor
  3. The device is determined to be in a high risk environment, for example if it is outside of the user's trusted locations or fails to meet similar conditions
  4. The Identity Check requirements bit must be true

If all the above conditions are satisfied, only BIOMETRIC_STRONG sensors will be eligible for authentication, and device credential fallback will be dropped.

For backward compatibility: If identity check isn't supported on the current API level:

  • a. if there are other allowed authenticators bits, identity check will be ignored and use the others for authentication;
  • b. if IDENTITY_CHECK is the only allowed authenticators bit, identity check will be ignored and the default authenticator will be used.