Convenience Without Compromising Security
Face ID, Touch ID, and Android’s biometric APIs let users authenticate with a glance or a touch instead of typing a password. Implemented correctly, biometrics improve both security and user experience simultaneously — but the implementation details matter enormously.
Biometrics Unlock Local Secrets, They Don’t Replace Authentication
A critical architectural point: biometric APIs on both iOS and Android are designed to unlock locally stored secrets (like a cryptographic key in the Secure Enclave or Android Keystore), not to directly authenticate against your server. The correct pattern is using biometrics to unlock a locally stored token or key that then authenticates with your backend — never sending “biometric passed: true” as if it were a server-verifiable credential.
Always Provide a Fallback
Biometric hardware fails, faces change, and injuries happen. Every biometric authentication flow needs a fallback — typically a PIN or password — and both platforms provide this as part of their standard biometric prompt APIs rather than requiring you to build it separately.
Handling Biometric Changes
When a user adds or removes a fingerprint or face, both platforms invalidate previously stored biometric-protected keys by default — a security feature against a device being compromised and new biometrics being enrolled by an attacker. Your app needs to handle this gracefully, prompting the user to re-authenticate through a fallback method rather than crashing or silently failing.
What Not to Store
Never attempt to access or store raw biometric data yourself — both platforms deliberately don’t expose this, and for good reason. Your app only ever receives a success or failure result from the OS-level biometric check; the biometric data itself never leaves secure hardware.
Practical Implementation Checklist
- Use platform-provided biometric APIs (LocalAuthentication on iOS, BiometricPrompt on Android) rather than building custom UI around raw sensor access.
- Always pair biometric unlock with a securely stored credential, not a boolean flag.
- Provide a clear, always-available fallback authentication path.
- Handle biometric enrollment changes by requiring re-authentication.