BiometricManager


public class BiometricManager
extends Object

java.lang.Object
   ↳ android.hardware.biometrics.BiometricManager


A class that contains biometric utilities. For authentication, see BiometricPrompt.

Summary

Nested classes

interface BiometricManager.Authenticators

Types of authenticators, defined at a level of granularity supported by BiometricManager and BiometricPrompt

class BiometricManager.Strings

Provides localized strings for an application that uses BiometricPrompt to authenticate the user. 

Constants

int BIOMETRIC_ERROR_HW_UNAVAILABLE

The hardware is unavailable.

int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE

Identity Check is currently not active.

int BIOMETRIC_ERROR_NONE_ENROLLED

The user does not have any biometrics enrolled.

int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS

Biometrics is not allowed to verify the user in apps.

int BIOMETRIC_ERROR_NO_HARDWARE

There is no biometric hardware.

int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED

A security vulnerability has been discovered and the sensor is unavailable until a security update has addressed this issue.

long BIOMETRIC_NO_AUTHENTICATION

Returned from BiometricManager.getLastAuthenticationTime(int) when no matching successful authentication has been performed since boot.

int BIOMETRIC_SUCCESS

No error detected.

Public methods

int canAuthenticate()

This method was deprecated in API level 30. See canAuthenticate(int).

int canAuthenticate(int authenticators)

Determine if any of the provided authenticators can be used.

long getLastAuthenticationTime(int authenticators)

Gets the last time the user successfully authenticated using one of the given authenticators.

BiometricManager.Strings getStrings(int authenticators)

Produces an instance of the Strings class, which provides localized strings for an application, given a set of allowed authenticator types.

Inherited methods

Constants

BIOMETRIC_ERROR_HW_UNAVAILABLE

Added in API level 29
public static final int BIOMETRIC_ERROR_HW_UNAVAILABLE

The hardware is unavailable. Try again later.

Constant Value: 1 (0x00000001)

BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE

public static final int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE

Identity Check is currently not active. This device either doesn't have this feature enabled, or it's not considered in a high-risk environment that requires extra security measures for accessing sensitive data.

Constant Value: 20 (0x00000014)

BIOMETRIC_ERROR_NONE_ENROLLED

Added in API level 29
public static final int BIOMETRIC_ERROR_NONE_ENROLLED

The user does not have any biometrics enrolled.

Constant Value: 11 (0x0000000b)

BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS

public static final int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS

Biometrics is not allowed to verify the user in apps.

Constant Value: 21 (0x00000015)

BIOMETRIC_ERROR_NO_HARDWARE

Added in API level 29
public static final int BIOMETRIC_ERROR_NO_HARDWARE

There is no biometric hardware.

Constant Value: 12 (0x0000000c)

BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED

Added in API level 30
public static final int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED

A security vulnerability has been discovered and the sensor is unavailable until a security update has addressed this issue. This error can be received if for example, authentication was requested with Authenticators.BIOMETRIC_STRONG, but the sensor's strength can currently only meet Authenticators.BIOMETRIC_WEAK.

Constant Value: 15 (0x0000000f)

BIOMETRIC_NO_AUTHENTICATION

Added in API level 35
public static final long BIOMETRIC_NO_AUTHENTICATION

Returned from BiometricManager.getLastAuthenticationTime(int) when no matching successful authentication has been performed since boot.

Constant Value: -1 (0xffffffffffffffff)

BIOMETRIC_SUCCESS

Added in API level 29
public static final int BIOMETRIC_SUCCESS

No error detected.

Constant Value: 0 (0x00000000)

Public methods

canAuthenticate

Added in API level 29
Deprecated in API level 30
public int canAuthenticate ()

This method was deprecated in API level 30.
See canAuthenticate(int).

Determine if biometrics can be used. In other words, determine if BiometricPrompt can be expected to be shown (hardware available, templates enrolled, user-enabled). This is the equivalent of canAuthenticate(int) with Authenticators.BIOMETRIC_WEAK
Requires Manifest.permission.USE_BIOMETRIC

Returns
int BIOMETRIC_ERROR_NONE_ENROLLED if the user does not have any strong biometrics enrolled, or BIOMETRIC_ERROR_HW_UNAVAILABLE if none are currently supported/enabled. Returns BIOMETRIC_SUCCESS if a strong biometric can currently be used (enrolled and available). Value is BIOMETRIC_SUCCESS, BIOMETRIC_ERROR_HW_UNAVAILABLE, BIOMETRIC_ERROR_NONE_ENROLLED, BIOMETRIC_ERROR_NO_HARDWARE, BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED, android.hardware.biometrics.BiometricManager.BIOMETRIC_ERROR_LOCKOUT, or BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE

canAuthenticate

Added in API level 30
public int canAuthenticate (int authenticators)

Determine if any of the provided authenticators can be used. In other words, determine if BiometricPrompt can be expected to be shown (hardware available, templates enrolled, user-enabled). For biometric authenticators, determine if the device can currently authenticate with at least the requested strength. For example, invoking this API with Authenticators.BIOMETRIC_WEAK on a device that currently only has Authenticators.BIOMETRIC_STRONG enrolled will return BIOMETRIC_SUCCESS. Invoking this API with Authenticators.DEVICE_CREDENTIAL can be used to determine if the user has a PIN/Pattern/Password set up.
Requires Manifest.permission.USE_BIOMETRIC

Parameters
authenticators int: bit field consisting of constants defined in Authenticators. If multiple authenticators are queried, a logical OR will be applied. For example, if Authenticators.DEVICE_CREDENTIAL | Authenticators.BIOMETRIC_STRONG is queried and only Authenticators.DEVICE_CREDENTIAL is set up, this API will return BIOMETRIC_SUCCESS Value is either 0 or a combination of BiometricManager.Authenticators.BIOMETRIC_STRONG, BiometricManager.Authenticators.BIOMETRIC_WEAK, android.hardware.biometrics.BiometricManager.Authenticators.BIOMETRIC_CONVENIENCE, BiometricManager.Authenticators.DEVICE_CREDENTIAL, and BiometricManager.Authenticators.IDENTITY_CHECK

Returns
int BIOMETRIC_ERROR_NONE_ENROLLED if the user does not have any of the requested authenticators enrolled, or BIOMETRIC_ERROR_HW_UNAVAILABLE if none are currently supported/enabled. Returns BIOMETRIC_SUCCESS if one of the requested authenticators can currently be used (enrolled and available). Value is BIOMETRIC_SUCCESS, BIOMETRIC_ERROR_HW_UNAVAILABLE, BIOMETRIC_ERROR_NONE_ENROLLED, BIOMETRIC_ERROR_NO_HARDWARE, BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED, android.hardware.biometrics.BiometricManager.BIOMETRIC_ERROR_LOCKOUT, or BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE

getLastAuthenticationTime

Added in API level 35
public long getLastAuthenticationTime (int authenticators)

Gets the last time the user successfully authenticated using one of the given authenticators. The returned value is time in SystemClock.elapsedRealtime() (time since boot, including sleep).

BiometricManager.BIOMETRIC_NO_AUTHENTICATION is returned in the case where there has been no successful authentication using any of the given authenticators since boot.

Currently, only Authenticators.DEVICE_CREDENTIAL and Authenticators.BIOMETRIC_STRONG are accepted. IllegalArgumentException will be thrown if authenticators contains other authenticator types.

Note that this may return successful authentication times even if the device is currently locked. You may use KeyguardManager.isDeviceLocked() to determine if the device is unlocked or not. Additionally, this method may return valid times for an authentication method that is no longer available. For instance, if the user unlocked the device with a Authenticators.BIOMETRIC_STRONG authenticator but then deleted that authenticator (e.g., fingerprint data), this method will still return the time of that unlock for Authenticators.BIOMETRIC_STRONG if it is the most recent successful event. The caveat is that BiometricManager.BIOMETRIC_NO_AUTHENTICATION will be returned if the device no longer has a secure lock screen at all, even if there were successful authentications performed before the lock screen was made insecure.
Requires Manifest.permission.USE_BIOMETRIC
Value is a non-negative timestamp in the SystemClock.elapsedRealtime() time base.

Parameters
authenticators int: bit field consisting of constants defined in Authenticators. Value is either 0 or a combination of BiometricManager.Authenticators.BIOMETRIC_STRONG, BiometricManager.Authenticators.BIOMETRIC_WEAK, android.hardware.biometrics.BiometricManager.Authenticators.BIOMETRIC_CONVENIENCE, BiometricManager.Authenticators.DEVICE_CREDENTIAL, and BiometricManager.Authenticators.IDENTITY_CHECK

Returns
long the time of last authentication or BiometricManager.BIOMETRIC_NO_AUTHENTICATION Value is a non-negative timestamp in the SystemClock.elapsedRealtime() time base.

Throws
IllegalArgumentException if authenticators contains values other than Authenticators.DEVICE_CREDENTIAL and Authenticators.BIOMETRIC_STRONG or is 0.

getStrings

Added in API level 31
public BiometricManager.Strings getStrings (int authenticators)

Produces an instance of the Strings class, which provides localized strings for an application, given a set of allowed authenticator types.
Requires Manifest.permission.USE_BIOMETRIC

Parameters
authenticators int: A bit field representing the types of Authenticators that may be used for authentication. Value is either 0 or a combination of BiometricManager.Authenticators.BIOMETRIC_STRONG, BiometricManager.Authenticators.BIOMETRIC_WEAK, android.hardware.biometrics.BiometricManager.Authenticators.BIOMETRIC_CONVENIENCE, BiometricManager.Authenticators.DEVICE_CREDENTIAL, and BiometricManager.Authenticators.IDENTITY_CHECK

Returns
BiometricManager.Strings A Strings collection for the given allowed authenticator types. This value cannot be null.