In biometrics, what aspect of human authentication does a thumbprint scanner test for?

With the increasing usability in areas like browsing, shopping, and payments, the need to secure the device and the apps from malicious attacks online and offline has also grown.

Mostly banking apps and BFSI applications hold critical information about the user, like credit card details, personal data, financial numbers, and so on. It becomes imperative to protect and secure such data. For this purpose, both Android and iOS devices have built-in features such as:

• PIN: 4-digit or 6- digit code to be remembered by the user.
• Pattern: A pattern of lines on a 3X3 matrix of dots.
• Fingerprint Scanner: Matches a human’s fingerprint to the one stored in the device.
• Facial Recognition: Matches the face of a human to the one stored in the mobile device.

The arrival of biometric authentication provides users a foolproof and intuitive way to log in or access devices, apps, or secure information like payment details without having trouble remembering passwords, PINs or patterns. Taking that into consideration Let’s understand how to test biometric authentication on iOS & Android devices. 

Biometric Technology Stats to Consider

Below are some interesting stats from Imageware about the use of biometric technology: 

• The global biometric technology market was forecasted to be over $16.6 billion in 2019.
• It is expected to expand and reach a whopping $55.42 billion by 2027.
• Over 75% of Americans have used biometric technology including anything from fingerprint scanning to facial identification to signature dynamics and hand geometry. 

Advantages of Biometrics Authentication on Mobile Devices

Unique & Secured: Biometrics is very secure as it cannot be leaked like a PIN or password, can only be accessed with the owner’s fingerprint scan and is unique to every individual.

Fast: It is much quicker than entering a PIN or password, just scan and done.

Accurate: As it is unique to an individual and cannot be forged, it gives precise and accurate identification and access.

Hassle of remembering Password: People forget their password and PIN and get blocked from accessing the apps or devices. But with biometrics, there is nothing to remember, it’s right there at the fingertips.

• The multi-factor authentication and its general biometric architecture make native apps more secure than others. 
• Given that monetization might be a core feature of native apps, it is natural that testers will want to test the in-app purchase flow also with utmost security.

Limitations of testing Biometric Authentication

For every mobile app and web app, extensive testing is required to provide users a hassle-free and quality experience without compromising security. So, apps from BFSI, Law, Fintech, Healthcare and Government sector need to check thoroughly and test fingerprint scanners on Android and iOS devices. 

For testing the Biometric Authentication behavior of an app, real devices are needed, with real users scanning their fingerprints on the fingerprint scanner and checking the further flow.

• This poses a difficulty to testers when they need to test biometric authentication on a simulator. 
• Also, it raises limitations on the test coverage of the app as the testing can be done only on the limited mobile devices available since scanning fingerprints requires a real device with fingerprint scanning capability.

This limitation can be overcome by using real devices on the cloud but since fingerprint capture of the user in the app is not possible in this scenario, the testing will require a robust infrastructure.

Testing Biometric Authentication on Real iOS & Android Devices

BrowserStack App Live has introduced the “Biometric Authentication” feature for biometric fingerprint scanner test where the tester can verify the functionality on multiple real devices on the cloud, eliminating the need to scan the fingerprint.

• It supports an app’s interaction with different mobile sensors such as biometrics using Sensor Instrumentation. 
• Sensor Instrumentation is the process in which, if Biometric is enabled for the session, the  BrowserStack’s Biometric code module is injected into the app which mocks or overrides Biometric APIs used by the app.

When the Biometric Authentication functionality is triggered, the App Live will override the device behavior of scanning a fingerprint and will give a dialog prompt with options of PASS or FAIL based on the input testing.

Follow the steps mentioned below:

Step 1:  For testing the Biometric Authentication in the application, upload the .ipa, .apk, .or aab file on App Live as seen below

Step 2: Once the App is uploaded, the Biometric Authentication capability needs to be enabled. For enabling it, go to the settings menu by clicking on the settings icon next to the uploaded App.

Step 3: Find the Biometric Authentication item in the menu and toggle it to ON by clicking on the toggle button.

Step 4: Select the device from the list of real devices on which you want to run your test case.

Step 5: Once the device is selected, the session will start with the uploaded APP opened in the session. Use the app and go to the place where biometrics needs to be authenticated and click on the button or trigger the functionality for scanning the biometric.

Step 6: The Model box will open instead of the scanner with two options i.e. FAIL or PASS. Based on the testcase FAIL or PASS can be selected by clicking them. 

Corresponding to the selection, the model prompt will come either with a success or failure message, as shown below and thus concluding the test.

Biometric Authentication Passed: 

Biometric Authentication Failed: 

PS – While the public iOS 16 version has been unleashed worldwide, BrowserStack infrastructure supports iOS 16 testing on iPhone 14.  iPhone 14 can be  accessed by all paid users of Live and App Live. 

Test on iPhone 14 Now

Key Takeaways for Testing Biometric Authentication

Biometric technology has turned out to be a game changer for the security of mobile devices including its use in fingerprint scan features for mobile devices as it imparts numerous advantages for building a secure system. It is fast, more secure than other options like PIN/Passwords, easy to use and hassle-free as it doesn’t need users to remember anything to protect and unlock their personal information. 

• By using BrowserStack’s App Live Biometric Authentication feature, fingerprint scan functionality can be tested online on different real mobile devices-OS combinations by selecting pass or fail on the prompt without actually scanning a fingerprint. 
• Also, it helps testers to verify apps for online fingerprint scans without buying/having an actual physical real device and not to to worry about how to scan fingerprints online as it is taken care of by BrowserStack biometric code module.

Note – The Biometric Authentication feature is currently in Beta and may involve changes based on feedback.

Test Biometric Authentication using App Live

What are the 3 types of authentication?

Which of the following is used for biometric authentication?

What type of device is used for user authentication?

What are the common authentication types and when do you use them?