face unlock using Confirm Credentials api

Question

I am using confirm credentials api in my app to authenticate user, using createConfirmDeviceCredentialIntent api.

The api is working fine when I have set up my device lock as pin/pattern/password or fingerprint. But, it's not working in the case of face unlock. I've set face unlock in my device and it's working fine when opening the device. But when I launch the intent using the above mentioned api, it's not recognizing face unlock but all the other things.

Is this a limitation of this api? or I've to do something extra to achieve this?

Can't find this anywhere so posting here.

Answer 1

Unfortunately, this isn't possible because unlocking using your face is part of the Smart Lock set of unlock tools.

Other methods of unlocking that fall under the Smart Lock category include:

• On-body detection
• Trusted places
• Trusted devices
• Trusted face (the method in question)
• Trusted voice

Because none of these are primitive security methods in Android, it does not make sense to allow these to be accessed using APIs.

If Smart Lock could be used with Keyguard, on-body detection would be in theory be able to grant access to an app, being in a trusted place (but not in the hands of a trusted person) and even trusted voice could be used.

Apple and Face ID can allow this because Face ID is a primitive security method for the iPhone X, as the data used to unlock the device is kept in the Secure Enclave, in the same way that Touch ID data is.

I hope this gives you enough reason as to why this isn't possible, and why it makes sense that this isn't possible.

Sources: Keyguard (stating unlock methods allowed to be used), Smart Lock, Face ID