close
Productsdrop-down
Headspin EnterpriseAudio-Visual PlatformRegression IntelligenceCreate Your Own Lab
Resourcesdrop-down
DocumentationGlobal Device InfrastructureRepositoryFAQsIntegrationsWebinars & EventsPodcastsConvergeBlogsWhitepapersTutorialsCase StudiesLatest Feeds
Companydrop-down
About HeadSpinHeadSpin & Appium ProPartnersLeadership TeamCareersPress Resources
Pricing
Log inBook Free Trial
Login
Products
Resources
Company
Pricing
Log inConnect Now
HeadSpin Platform
Automated & manual testing made easy through data science insights.
Differentiating capabilities:
  • Extensive end-to-end automation of QA process
  • Comparative analysis of app performance against peers
  • Continuous monitoring of app performance using synthetic data for higher availability of apps
  • Easy-to-use developer friendly platform

ADD-ON PRODUCTS

Audio Visual Platform
Audio-Visual Platform
One Platform For All Your Media Testing
CYOL
Create Your Own Lab
Utilize Your Own Device Infrastructure With HeadSpin

ENTERPRISE ADDON PRODUCTS

Regression
Regression Intelligence
Automated Solution To Solve Regression Issues

SUPPORT

Documentation
Documentation
Global Device Infrastructure
Global Device Infrastructure
Repository
Repository
FAQS
FAQS
Integrations
Integrations

RESOURCE CENTER

Webinars
Webinars & Events
Podcast
Podcast
Converge
Converge
Blogs
Blogs
Whitepapers
Whitepapers

Resource Center

Tutorials
Tutorials
Case Study
Case Studies
News
Latest Feeds

ABOUT US

About Headspin
About HeadSpin
Appium Pro
HeadSpin & Appium Pro

ABOUT US

Global Device Infrastructure
Partners
Leadership Team
Leadership Team

ABOUT US

Careers
Careers
News
Press Resources
HeadSpin Documentation
Documentation
Changes
Changelog
Getting Started
UI Master Guide
A/V Box
Additional Reference Links
User Roles and Access Permissions
Using Espresso
Using XCTest
Supported Devices and OS Versions in HeadSpin
Integrations
Katalon Studio - Using Katalon with HeadSpin Devices
Tosca - Using Tricentis' Tosca with HeadSpin
Using ACCELQ and HeadSpin
iOS 17 Compatibility and Support
Platform
Unlocking Devices with Pintap
Using the Cookie Tool
Using the HS Tunnel Tool
Remote Functional Testing
Configuring Single Sign-On
Remote Debugging
Platform Command Line Interface
Bring Your Own Device
API Reference
API for Automation Configuration
Basic Device API
App Management
Android Device API
iOS Device API
Using Reservation API
Device Cleaning API
Data Lifecycle Policy API
Session API
Session Annotation API
Session Analysis API
Measuring Visual Load Time in Sessions
Performance Monitoring API
Regression Intelligence API
Providing Feedback
Device Selectors API
Session Status Reliability API
Usage Report
Team API
Network Config API
Auth API
Analysis Config API
Admin API
API for Hardware and Grafana
Using the bluetooth API
Using Audio API
Using A/V Box API
Replica Database API
Grafana API
API for Biometric Testing
PBox Enclosure API
Mini Remote
Using Mini Remote
Automation
Getting Started with Appium
API Tokens
Browser Automation
Chrome DevTools
Recommended network_security_config.xml for network capture
Appium Load Balancer
Appium Capabilities
Migrating to Appium 2
Selenium Capabilities
Appium Inspector Integration
Audio
Audio Setup - Bluetooth Setup and Limitations
Audio Use Cases and Troubleshooting with HeadSpin
Biometrics SDK
Testing biometric authentication in Android
Testing Touch and Face ID in iOS
Performance Analysis
Waterfall UI
Burst UI
AI-based Issue Detection Engine
AI-based Quality of Experience Monitoring
Video Quality MOS
Providing Feedback on HeadSpin Performance Sessions
Annotating Your Session
Image Matching Methods Explained
Performance Monitoring
Performance Monitoring UI
Replica DB
Replica DB UI
Grafana
Grafana Dashboards
Grafana UI Overview
On-Premise Deployments
User Management
Architecture
PBox Data Sheet
PBox Rack Installation
On-Premise Deployment Options
On-Premise Fully Managed Network Admin
iOS Provisioning
New Devices
Upgrade
Pusher
File Layout
Android Network Capture Setup
Network Requirements and Audio Configuration Options
Deprecated Documentation
App API
iOS and Android Device API
Instrumentation API
TestProject - Using Tricentis' TestProject with HeadSpin
Legal Matters
Downloadable Components License Agreement
Home
>
Documentation
>
Testing biometric authentication in Android

Testing biometric authentication in Android

Biometric Testing in Android

Until recently, automating tests on a mobile app that requires fingerprint or face authentication has been a challenge. HeadSpin provides a solution by offering a biometric instrumentation toolset which comprises of a library, API endpoints, and web UI to help automate biometric testing.

Prerequisites

Before using the biometric SDK, please review these important points:

  • The device running the test app should have at least one real valid fingerprint or face ID registered.
  • The application using this SDK should never be distributed outside the use of HeadSpin's secured devices.

Getting started

Android has several different biometric SDKs:

There is a corresponding HS biometric SDK for each of those which wraps the Android SDK to allow remotely controlling biometric authentication. Download the AAR library containing the biometric SDK version you want to use from the download section. Follow these steps in Android Studio to include the library in your project:

  1. Click File > New > New Module.
  2. Click Import .JAR/.AAR Package then click Next.
  3. Select the location of the AAR to use, for example HSBiometricSDK-androidx/HSBiometricSDK-androidx-release.aar then click Finish.
  4. Add a corresponding line to your build.gradle, for example:

<code class="dcode">gradle implementation project(":HSBiometricSDK-androidx-release")</code>

Please see Add your library as a dependency in the Android documentation for additional information.

Using the HeadSpin Biometric SDK for Android

Each SDK will talk to HeadSpin's biometric API over local http which requires the following setting in AndroidManifest.xml:


<application
    android:usesCleartextTraffic="true"

To use each SDK wrap the corresponding Android class in the following way:

HSBiometricSDK-androidx

Package io.headspin.io.biometrics.androidx wraps androidx.biometric.


public class HSBiometricPrompt {
  void authenticate(BiometricPrompt.PromptInfo, BiometricPrompt.CryptoObject)
}

HSBiometricSDK-biometrics

Package io.headspin.io.biometrics.biometrics wraps android.hardware.biometrics.


public class HSBiometricPrompt {
  class AuthenticationCallback : BiometricPrompt.AuthenticationCallback() {
      void onAuthenticationRemote(BiometricPrompt.CryptoObject?)
  }
  HSBiometricPrompt(BiometricPrompt)
  void authenticate(BiometricPrompt.CryptoObject, CancellationSignal, Executor, HSBiometricPrompt.AuthenticationCallback)
}

HSBiometricSDK-fingerprint

Package io.headspin.io.biometrics.fingerprint wraps android.hardware.fingerprint.


public class HSFingerprintManager extends FingerprintManager {
  static HSFingerprintManager getSystemService(Context)
  void authenticate(FingerprintManager.CryptoObject,
    CancellationSignal,
    Int,
    FingerprintManager.AuthenticationCallback,
    Handler)
}

UI integration

When the SDK is used the HeadSpin UI will display a dialog which can be used to trigger biometric authentication in the app.

biometric authentication

Sample Apps

The sample apps come in two versions - one not using the HeadSpin SDK and then a test version with the required changes to use the SDK.

One way to keep a separate test version of an Android app is to use product flavors with separate variants. The samples are configured like below in gradle, adding two variants called "realBiometrics" and "headspinRemote".


flavorDimensions 'biometrics'
productFlavors {
    realBiometrics {
    }
    headspinRemote {
        applicationIdSuffix = '.hs'
    }
}

Different source files can now be placed into "realBiometrics" and "headspinRemote" folders - we moved biometrics related code into a class under realBiometrics and then provide a separate implementation with the HS SDKs in the headspinRemote folder.

Simple Login Sample App

This is a very basic example which uses an Android biometric SDK to ask for authentication and then changes a button depending on the result.

androidx.biometric

The only change required is to use HSBiometricPrompt instead of BiometricPrompt.


// realBiometrics
return BiometricPrompt(context, ContextCompat.getMainExecutor(context), callback)

// headspinRemote
import io.headspin.biometrics.androidx.HSBiometricPrompt
return HSBiometricPrompt(context, ContextCompat.getMainExecutor(context), callback)

androidx.biometric (Java)

The SDKs can also be used from Java instead of Kotlin.


// realBiometrics
BiometricPrompt prompt = new BiometricPrompt(context, ContextCompat.getMainExecutor(context), callback);

// headspinRemote
import io.headspin.biometrics.androidx.HSBiometricPrompt;
HSBiometricPrompt prompt = new HSBiometricPrompt(context, ContextCompat.getMainExecutor(context), callback);

android.hardware.fingerprint

The only change to use the HS biometric SDK is to replace FingerprintManager with HSFingerprintManager


// realBiometrics
private var manager: FingerprintManager = getSystemService(context, FingerprintManager::class.java)

// headspinRemote
private var manager: HSFingerprintManager = HSFingerprintManager.getSystemService(context)

android.hardware.biometrics

This API requires two changes to use the HeadSpin Biometric SDK. First wrap the BiometricPrompt object into a HSBiometricPrompt object.

And then, since the <code class="dcode">authenticate</code> method of the wrapped class uses a different callback class, we are using a custom callback derived from BiometricPrompt.AuthenticationCallback which implements the missing method.


// realBiometrics
open class AuthenticationCallback : BiometricPrompt.AuthenticationCallback() {
    open fun onAuthenticationRemote(result: BiometricPrompt.CryptoObject?) { }
}

wrapped.authenticate(crypto, cancellationSignal, executor, authenticationCallback)

// headspinRemote
import io.headspin.io.biometrics.biometrics.HSBiometricPrompt

open class AuthenticationCallback : HSBiometricPrompt.AuthenticationCallback() {

}

val bio = HSBiometricPrompt(wrapped)
bio.authenticate(crypto, cancellationSignal, executor, authenticationCallback)

Encryption Sample App

The HeadSpin biometric SDK does not replace any of the underlying Android functionality - it just will simulate biometric authentication by calling a success callback in response to a remote command (and close the real biometric prompt). While this works well for something simple and insecure like the previous example it will not allow testing of features using actual biometric security without bypassing more checks.

The encryption sample uses a secure biometric key to encrypt and decrypt a string. To make it work the test version of the app has to replace the secure key with an insecure key, which can be toggled at runtime to demonstrate the difference. The insecure key can of course be used without any biometric authentication at all which is demonstrated with a second runtime toggle.

androidx.biometric

Uses HSBiometricPrompt in the test version where BiometricPrompt is used in the actual version of the app (just like in the login sample). However in the test version it also uses a non-biometric key instead of a biometric key as the key-store cannot be accessed with the fake authentication otherwise:


if (requiresAuthentication) {
    builder.setUserAuthenticationRequired(true)
    builder.setInvalidatedByBiometricEnrollment(true)
}

android.hardware.fingerprint

With Android's FingerprintManager SDK HSFingerprintManager.getSystemService is used instead of getSystemService to obtain a HSFingerprintManager when compiling the test version. And when creating the key setUserAuthenticationRequired and setInvalidatedByBiometricEnrollment is not used in this example in order to allow remote use of the key.


// realBiometrics
manager = getSystemService(context, FingerprintManager::class.java)

// headspinRemote
manager = HSFingerprintManager.getSystemService(context)

if (requiresAuthentication) {
    builder.setUserAuthenticationRequired(true)
    builder.setInvalidatedByBiometricEnrollment(true)
}

android.hardware.biometrics

In addition to using HSBiometricPrompt instead of BiometricPrompt (just like in the simple login example) this requires the same key generation changes as the FingerprintManager example. In short, for testing we remove the biometric requirement from the key, but keep the (fake) biometric prompt to make it behave similar to the real application.

Home
>
Docs
>
Testing biometric authentication in Android

Discover how HeadSpin can empower your business with superior testing capabilities

Our Platform enables you to:
accelerate time-to-market
Accelerate time-to-market, gaining a competitive edge
faster development cycles
Boost developer/QA productivity with faster development cycles
automated buil-over-build regression testing
Automate build-over-build regression testing for consistent results
gain better visibility into functional & performance issues
Gain better visibility into functional and performance issues
reduce mean time
Reduce mean time to identify/resolve during test, QA, and production
evaluate audio, video & qoe
Evaluate audio, video, and content quality of experience (QoE) effortlessly
The trusted choice for global enterprises
Close