New in Android Samples: Authenticating to remote servers using the Fingerprint API

New in Android Samples: Authenticating to remote servers using the Fingerprint API

Android 6.0 Develop Featured Marshmallow Samples

Posted by Takeshi Hagikura, Yuichi Araki, Developer Programs Engineer

As we announced in the previous blog post, Android 6.0 Marshmallow is now publicly available to users. Along the way, we’ve been updating our samples collection to highlight exciting new features available to developers.

This week, we’re releasing AsymmetricFingerprintDialog, a new sample demonstrating how to securely integrate with compatible fingerprint readers (like Nexus Imprint) in a client/server environment.

Let’s take a closer look at how this sample works, and talk about how it complements the FingerprintDialog sample we released earlier during the public preview.

Symmetric vs Asymmetric Keys

The Android Fingerprint API protects user privacy by keeping users’ fingerprint features carefully contained within secure hardware on the device. This guards against malicious actors, ensuring that users can safely use their fingerprint, even in untrusted applications.

Android also provides protection for application developers, providing assurances that a user’s fingerprint has been positively identified before providing access to secure data or resources. This protects against tampered applications, providing cryptographic-level security for both offline data and online interactions.

When a user activates their fingerprint reader, they’re unlocking a hardware-backed cryptographic vault. As a developer, you can choose what type of key material is stored in that vault, depending on the needs of your application:

• Symmetric keys: Similar to a password, symmetric keys allow encrypting local data. This is a good choice securing access to databases or offline files.


• Asymmetric keys: Provides a key pair, comprised of a public key and a private key. The public key can be safely sent across the internet and stored on a remote server. The private key can later be used to sign data, such that the signature can be verified using the public key. Signed data cannot be tampered with, and positively identifies the original author of that data. In this way, asymmetric keys can be used for network login and authenticating online transactions. Similarly, the public key can be used to encrypt data, such that the data can only be decrypted with the private key.
  

This sample demonstrates how to use an asymmetric key, in the context of authenticating an online purchase. If you’re curious about using symmetric keys instead, take a look at the FingerprintDialog sample that was published earlier.

Here is a visual explanation of how the Android app, the user, and the backend fit together using the asymmetric key flow:

1. Setting Up: Creating an asymmetric keypair

First you need to create an asymmetric key pair as follows:

KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
keyPairGenerator.initialize(
        new KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setUserAuthenticationRequired(true)
                .build());
keyPairGenerator.generateKeyPair();

Note that .setUserAuthenticationRequired(true) requires that the user authenticate with a registered fingerprint to authorize every use of the private key.

Then you can retrieve the created private and public keys with as follows:

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PublicKey publicKey =
        keyStore.getCertificate(MainActivity.KEY_NAME).getPublicKey();

KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);

2. Registering: Enrolling the public key with your server

Second, you need to transmit the public key to your backend so that in the future the backend can verify that transactions were authorized by the user (i.e. signed by the private key corresponding to this public key).
This sample uses the fake backend implementation for reference, so it mimics the transmission of the public key, but in real life you need to transmit the public key over the network.

boolean enroll(String userId, String password, PublicKey publicKey);

3. Let’s Go: Signing transactions with a fingerprint

To allow the user to authenticate the transaction, e.g. to purchase an item, prompt the user to touch the fingerprint sensor.

Then start listening for a fingerprint as follows:

Signature.getInstance("SHA256withECDSA");
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);
signature.initSign(key);
CryptoObject cryptObject = new FingerprintManager.CryptoObject(signature);

CancellationSignal cancellationSignal = new CancellationSignal();
FingerprintManager fingerprintManager =
        context.getSystemService(FingerprintManager.class);
fingerprintManager.authenticate(cryptoObject, cancellationSignal, 0, this, null);

4. Finishing Up: Sending the data to your backend and verifying

After successful authentication, send the signed piece of data (in this sample, the contents of a purchase transaction) to the backend, like so:

Signature signature = cryptoObject.getSignature();
// Include a client nonce in the transaction so that the nonce is also signed 
// by the private key and the backend can verify that the same nonce can't be used 
// to prevent replay attacks.
Transaction transaction = new Transaction("user", 1, new SecureRandom().nextLong());
try {
    signature.update(transaction.toByteArray());
    byte[] sigBytes = signature.sign();
    // Send the transaction and signedTransaction to the dummy backend
    if (mStoreBackend.verify(transaction, sigBytes)) {
        mActivity.onPurchased(sigBytes);
        dismiss();
    } else {
        mActivity.onPurchaseFailed();
        dismiss();
    }
} catch (SignatureException e) {
    throw new RuntimeException(e);
}

Last, verify the signed data in the backend using the public key enrolled in step 2:

@Override
public boolean verify(Transaction transaction, byte[] transactionSignature) {
    try {
        if (mReceivedTransactions.contains(transaction)) {
            // It verifies the equality of the transaction including the client nonce
            // So attackers can't do replay attacks.
            return false;
        }
        mReceivedTransactions.add(transaction);
        PublicKey publicKey = mPublicKeys.get(transaction.getUserId());
        Signature verificationFunction = Signature.getInstance("SHA256withECDSA");
        verificationFunction.initVerify(publicKey);
        verificationFunction.update(transaction.toByteArray());
        if (verificationFunction.verify(transactionSignature)) {
            // Transaction is verified with the public key associated with the user
            // Do some post purchase processing in the server
            return true;
        }
    } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
        // In a real world, better to send some error message to the user
    }
    return false;
}

At this point, you can assume that the user is correctly authenticated with their fingerprints because as noted in step 1, user authentication is required before every use of the private key. Let’s do the post processing in the backend and tell the user that the transaction is successful!

Other updated samples

We also have a couple of Marshmallow-related updates to the Android For Work APIs this month for you to peruse:

AppRestrictionEnforcer and AppRestrictionSchema
These samples were originally released when the App Restriction feature was introduced as a part of Android for Work API in Android 5.0 Lollipop. AppRestrictionEnforcer demonstrates how to set restriction to other apps as a profile owner. AppRestrictionSchema defines some restrictions that can be controlled by AppRestrictionEnforcer. This update shows how to use 2 additional restriction types introduced in Android 6.0.

We hope you enjoy the updated samples. If you have any questions regarding the samples, please visit us on our GitHub page and file issues or send us pull requests.

Android 6.0 Marshmallow coming to devices soon

Android 6.0 Marshmallow coming to devices soon

Android 6.0 Develop Featured Marshmallow

Posted by, Dave Burke, VP of Engineering, Android

Starting next week, Android 6.0 Marshmallow will begin rolling out to supported Nexus devices around the world, including Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9, Nexus Player, and Android One. At the same time, we’ll be pushing the Android 6.0 source to the Android Open Source Project (AOSP), which marks the official beginning of public availability.

Today we also introduced two great new Nexus devices that will be among the first to run the Android 6.0 Marshmallow platform. These devices let your apps use the latest platform features and take advantage of the latest hardware optimizations from our partners. Let’s take a look at how to make sure your apps look great on these new devices.

Introducing Nexus 5X and Nexus 6P

Nexus 5X

Nexus 6P

The Nexus 5X is built in partnership with LG. It’s equipped with a 5.2-inch FHD LCD 1080p display, a Snapdragon™ 808 processor (1.8 GHz hexa-core, 64-bit), and a 12.3 MP rear camera. Offering top-line performance in a compact, lightweight device.

The Nexus 6P, built in partnership with Huawei, has a 5.7-inch WQHD AMOLED display, Snapdragon™ 810 v2.1 processor (2.0 GHz octa-core 64-bit), front-facing stereo speakers, and a 12.3 MP rear camera, all housed in a diamond-cut aluminum body.

Both devices have USB Type-C ports and fingerprint sensors, and include the latest hardware features for Android, such as: Android Sensor Hub, low-power Wi-Fi scanning with channel selection, batching, and BSSID hotlists, Bluetooth 4.2 with ultra low-power BLE notifications, and more.

Get your apps ready

Take some time to make sure your apps and games are ready to give your users the best mobile experience on these devices.

Check your assets

	Resolution	Screen size	Density
Nexus 5X	1920 x 1080 px (730 x 410 dp)	normal	420 dpi
Nexus 6P	2560 x 1440 px (730 x 410 dp)	normal	560 dpi

Nexus 5X has a quantized density of 420 dpi, which falls in between the xhdpi and xxhdpi primary density buckets. Nexus 6P has a density of 560 dpi, which falls in between the xxhdpi and xxxhdpi buckets. The platform will scale down any assets from a higher resolution bucket, but if those aren’t available, then it will scale up the assets from a lower-density bucket.

For best appearance in the launcher, we recommend that you provide at least an xxxhdpi app icon because devices can display large app icons on the launcher.

For the rest of your assets, you can consider using vector assets or optionally add versions for the next-higher density bucket. This provides a sharper visual experience, but does increase apk size, so you should make an appropriate decision for your app.

Make sure you are not filtered on Google Play

If you are using the <compatible-screens>: element in your AndroidManifest.xml file, you should stop using it because it’s not scalable to re-compile and publish your app each time new devices come out. If you must use it, make sure to update your manifest to add a new configuration for Nexus 5X, since it uses a new density bucket (420). Otherwise, your app may be filtered from Google Play on these devices.

Wrapping up M Developer Preview

After three preview releases, and with the final OTA coming soon, it’s time to wrap up the Android M Developer Preview. The feedback you’ve provided has helped make Android 6.0 a great platform for apps and games. Developers in more than 200 countries have been using the Developer Preview to get their apps ready for Android 6.0 Marshmallow users everywhere.

More developer resources

If you haven’t taken a look at Android 6.0 Marshmallow yet, visit developer.android.com/mm for complete information about about what’s new for developers and important changes to plan for in your apps — runtime permissions, Doze and App Standby idle modes, Auto Backup for Apps, fingerprint support, and others.

We’ve also produced a playlist of developer videos to help you get the most out of all the new features in Android 6.0 Marshmallow. Check it out below.

Final testing and updates

Now is the time to finish up testing and prepare for publishing. You can use the Developer Preview 3 system images for final testing until early October. After the Android 6.0 public release, you’ll be able to download final images from the Nexus factory images page, and final emulator images from Android Studio.

Reminder: Devices flashed with an M Developer Preview build won’t receive the Android 6.0 update automatically. You’ll need to manually flash those devices to a public released image first.

Upload your apps to Google Play

When your apps are ready, you can update them to Google Play via the Developer Console on all release channels (Alpha, Beta & Production). For apps that target API level 23, Google Play will provide the new optimized download and autoupdate flow based on the runtime permissions model in Android 6.0. Give it a try!

To make sure that your updated app runs well on Android 6.0 Marshmallow and older versions, we recommend that you use the newly improved beta testing feature on Google Play to get early feedback. You can then do a staged rollout as you release the new version to all users.

What’s next?

In mid-October, we’ll be turning down the M Developer Preview community and the M Developer Preview issue tracker. If you've filed bugs against the preview, and you'd like to keep these open against the Android 6.0 final builds, you can file a new issue in the AOSP issue tracker.

Thanks to everyone who participated in the Android M Developer Preview. Let us know how this year’s preview met your needs by taking a short survey. Your feedback helps shape our future releases.

Building better apps with Runtime Permissions

Building better apps with Runtime Permissions

Android 6.0 Design Develop Featured Marshmallow permissions runtime permissions

Posted by Ian Lake, Developer Advocate

Android devices do a lot, whether it is taking pictures, getting directions or making phone calls. With all of this functionality comes a large amount of very sensitive user data including contacts, calendar appointments, current location, and more. This sensitive information is protected by permissions, which each app must have before being able to access the data. Android 6.0 Marshmallow introduces one of the largest changes to the permissions model with the addition of runtime permissions, a new permission model that replaces the existing install time permissions model when you target API 23 and the app is running on an Android 6.0+ device.

Runtime permissions give your app the ability to control when and with what context you’ll ask for permissions. This means that users installing your app from Google Play will not be required to accept a list of permissions before installing your app, making it easy for users to get directly into your app. It also means that if your app adds new permissions, app updates will not be blocked until the user accepts the new permissions. Instead, your app can ask for the newly added runtime permissions as needed.

Finding the right time to ask for runtime permissions has an important impact on your app’s user experience. We’ve gathered a number of design patterns in our new Permission design guidelines including best practices around when to request permissions, how to explain why permissions are needed, and how to handle permissions being denied.

Ask up front for permissions that are obvious

In many cases, you can avoid permissions altogether by using the existing intents system to utilize other existing specialized apps rather than building a full experience within your app. An example of this is using ACTION_IMAGE_CAPTURE to start an existing camera app the user is familiar with rather than building your own camera experience. Learn more about permissions versus intents.

However, if you do need a runtime permission, there’s a number of tools to help you. Checking for whether your app has a permission is possible with ContextCompat.checkSelfPermission() (available as part of revision 23 of the support-v4 library for backward compatibility) and requesting permissions can be done with requestPermissions(), bringing up the system controlled permissions dialog to allow the user to grant you the requested permission(s) if you don’t already have them. Keep in mind that users can revoke permissions at any time through the system settings so you should always check permissions every time.

A special note should be made around shouldShowRequestPermissionRationale(). This method returns true if the user has denied your permission request at least once yet have not selected the ‘Don’t ask again’ option (which appears the second or later time the permission dialog appears). This gives you an opportunity to provide additional education around the feature and why you need the given permission. Learn more about explaining why the app needs permissions.

Read through the design guidelines and our developer guide for all of the details in getting your app ready for Android 6.0 and runtime permissions. Making it easy to install your app and providing context around accessing user’s sensitive data are key changes you can make to build better apps.

Join the discussion on



+Android Developers

Develop a sweet spot for Marshmallow: Official Android 6.0 SDK & Final M Preview

Develop a sweet spot for Marshmallow: Official Android 6.0 SDK & Final M Preview

Android 6.0 Develop Marshmallow

By Jamal Eason, Product Manager, Android

Android 6.0 Marshmallow

Whether you like them straight out of the bag, roasted to a golden brown exterior with a molten center, or in fluff form, who doesn’t like marshmallows? We definitely like them! Since the launch of the M Developer Preview at Google I/O in May, we’ve enjoyed all of your participation and feedback. Today with the final Developer Preview update, we're introducing the official Android 6.0 SDK and opening Google Play for publishing your apps that target the new API level 23 in Android Marshmallow.

Get your apps ready for Android Marshmallow

The final Android 6.0 SDK is now available to download via the SDK Manager in Android Studio. With the Android 6.0 SDK you have access to the final Android APIs and the latest build tools so that you can target API 23. Once you have downloaded the Android 6.0 SDK into Android Studio, update your app project compileSdkVersion to 23 and you are ready to test your app with the new platform. You can also update your app to targetSdkVersion to 23 test out API 23 specific features like auto-backup and app permissions.

Along with the Android 6.0 SDK, we also updated the Android Support Library to v23. The new Android Support library makes it easier to integrate many of the new platform APIs, such as permissions and fingerprint support, in a backwards-compatible manner. This release contains a number of new support libraries including: customtabs, percent, recommendation, preference-v7, preference-v14, and preference-leanback-v17.

Check your App Permissions

Along with the new platform features like fingerprint support and Doze power saving mode, Android Marshmallow features a new permissions model that streamlines the app install and update process. To give users this flexibility and to make sure your app behaves as expected when an Android Marshmallow user disables a specific permission, it’s important that you update your app to target API 23, and test the app thoroughly with Android Marshmallow users.

How to Get the Update

The Android emulator system images and developer preview system images have been updated for supported Nexus devices (Nexus 5, Nexus 6, Nexus 9 & Nexus Player) to help with your testing. You can download the device system images from the developer preview site. Also, similar to the previous developer update, supported Nexus devices will receive an Over-the-Air (OTA) update over the next couple days.

Although the Android 6.0 SDK is final, the devices system images are still developer preview versions. The preview images are near final but they are not intended for consumer use. Remember that when Android 6.0 Marshmallow launches to the public later this fall, you'll need to manually re-flash your device to a factory image to continue to receive consumer OTA updates for your Nexus device.

What is New

Compared to the previous developer preview update, you will find this final API update fairly incremental. You can check out all the API differences here, but a few of the changes since the last developer update include:

• Android Platform Change:
  
  • Final Permissions User Interface — we updated the permissions user interface and enhanced some of the permissions behavior.
  
  

• API Change:
  
  • Updates to the Fingerprint API — which enables better error reporting, better fingerprint enrollment experience, plus enumeration support for greater reliability.
  
  

Upload your Android Marshmallow apps to Google Play

Google Play is now ready to accept your API 23 apps via the Google Play Developer Console on all release channels (Alpha, Beta & Production). At the consumer launch this fall, the Google Play store will also be updated so that the app install and update process supports the new permissions model for apps using API 23.

To make sure that your updated app runs well on Android Marshmallow and older versions, we recommend that you use Google Play’s newly improved beta testing feature to get early feedback, then do a staged rollout as you release the new version to all users.