this post was submitted on 27 Jun 2024
858 points (97.5% liked)

Technology

60052 readers
2853 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 5 months ago (1 children)

Wouldn't the phone have to have your fingerprint stored in order to compare it to the one scanned?

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago) (1 children)

Yes, the phone does, but that data is protected in the hardware and never sent to the software, the hardware basically just sends ok / not ok. It's not impossible to hack in theory, nothing is, but it would be a very major security exploit in itself that would deserve a bunch of articles on it's own. And would likely be device specific vulnerability, not something an app just does wherever installed.

[–] [email protected] 1 points 5 months ago (1 children)

Pretty sure this is not true. That's how apple's fingerprint scanners work. On android the fingerprint data is stored either in the tpm or a part of the storage encrypted by it.

[–] [email protected] 1 points 5 months ago (1 children)

Yeah, so the app never sees it. What are you disagreeing with?

[–] [email protected] 1 points 5 months ago (1 children)

I just corrected that, can't I without disagreeing?

[–] [email protected] 1 points 5 months ago (1 children)

I mean that I don't know what part of my comment is "not true". I welcome corrections, I just don't see what is being corrected here.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

It doesn't send a yes/no signal it sends the fingerprint to be compared to the stored one

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

https://developer.android.com/identity/sign-in/biometric-auth#display-login-prompt

The app gets either the onAuthenticationSucceeded or onAuthenticationFailed callback. It doesn't get the fingerprint.

Edit: I think we are misunderstanding each other, I'm saying that apps never see the fingerprint. The OS does, depending on the device.

[–] [email protected] 1 points 5 months ago

I think we are misunderstanding each other

Exactly