Biometric authentication may not be as secure as PINs or passwords, but its convenience is a big selling point for many consumers. The blazingly fast fingerprint scanner on OnePlus flagships has been hailed almost universally, but lately companies have turned to facial recognition technology as an alternative. For example, there’s the OnePlus 5T and the Honor 7X with their respective versions of a Face Unlock feature. Samsung phones also have facial recognition to unlock their devices, but the biometric authentication technology the company is most proud of is its iris scanner. Now, it looks like iris scanners might be coming to more Android phones in the future, as official support for them is added to Android.
Iris Scanners on Legacy Android Hardware
The first mainstream Android smartphone with an iris scanner was the ill-fated Samsung Galaxy Note 7. This technology later made its way to the Samsung Galaxy S8/S8+ and Galaxy Note 8. We also know that it will launch with the Samsung Galaxy S9. /S9+ and it will offer incremental hardware improvements, but combining it with facial recognition, the overall experience should improve. (There’s also a possibility of an iris scanner heading for an unannounced Samsung Galaxy phone, but that’s up in the air for now.)
For those of us who don’t have a Samsung Galaxy flagship, there aren’t many options when it comes to a smartphone with an iris scanner. In fact, there’s actually only one option, and the phone isn’t even available for sale yet: an obscure smartphone called the BitVault which is aimed at cryptocurrency enthusiasts.
BitVault: The self-proclaimed “World’s First Blockchain Phone”. Source: Swiss bank in your pocket.
This smartphone, accompanied by a smart phone without notice from a Japanese smartphone OEM, are the only non-Samsung Galaxy devices I know of that offer iris scanning. The chip that powers the iris scanners in these phones is the FPC Active IRIS by fingerprints.
You may never have heard of this company, but you’ve most likely used a smartphone that incorporates their technology. Some of the smartphones that use FPC’s fingerprint scanners include the Google Pixel, Honor 8 and Huawei Mate 9 Pro. Their fingerprint sensors are found on many other devices, including several from Xiaomi, so it’s safe to say that FPC is one of the leading providers of biometric authentication technology found in smartphones.
FPC fingerprint scanners on the home button, back and side of the device. Source: CPF.
So why is this company important? This is because many of their engineers have been work on incorporating native support for biometric iris scanners in Android. There are several commits here, all of which should be looked at together to get a good picture of what’s going on.
Iris Scanners in a future version of Android
Let’s start with the most important commit: the Iris HAL Biometrics Interface.
Including a HAL interface will standardize how the Android framework will communicate with Iris scanners. This means that products from multiple vendors, not just FPC themselves, will be able to run on Android. More importantly, it also opens up the possibility for AOSP-based ROMs to work generically with Iris scanning hardware. For example, the GSI Project Treble depend on it for the basic fingerprint scanner functionality to work immediately, so without it the new Exynos Samsung Galaxy S9 and Galaxy S9+ will not be able to use the Iris scanner on an AOSP ROM.
the SELinux Policies for Iris scanners are totally uninteresting for end users, but they are there if you want to take a look. The inclusion of the base Diaphragm function in Android will allow apps to detect if the device has an Iris scanner in place. Finally, the inclusion of the iris frame is what will allow third-party apps to use the Iris scanner for authentication in the future. Here are the relevant strings:
Iris scanner in frame
manage iris hardware Allows the app to invoke methods to add and delete iris templates for use. use iris hardware Allows the app to use iris hardware for authentication Couldn't process iris. Please try again. Iris is too bright. Please try in low light. Iris is too dark. Please uncover light source. Move further. Move closer. Open eyes. Open eyes wider. Iris hardware not available. Iris can't be stored. Please remove an existing iris. Iris time out reached. Try again. Iris operation canceled. Too many attempts. Try again later. Too many attempts. Iris sensor disabled. Try again. Iris %d Iris icon
In the framework manifest, the suggested permission titled “android.permission.USE_IRIS” has a “normal” level of protection, so third-party apps would indeed be able to request the permission and it would be up to the user to grant this.
Recently, another commit adds support for iris identification in the keycap. This is what will allow the user to scan their iris to close the lock screen. According to the commit, iris authentication only occurs as soon as the screen turns on to reduce power consumption. Additionally, the iris scanner may be disabled per Device Policy Manager if that authority (such as a workplace) considers the iris scanner to be an insecure method of authentication.
Something interesting about all of these commits is how in many places references to fingerprints in the Android framework are generic to refer to biometrics. This prepares Android for potentially additional methods of biometric authentication in the future, although it’s unclear what that might be.
I won’t bore you with the rest of the implementation details, so I’ll move on to discussing the importance of these commits. This means for Android that a future version of Android, probably Android P, will include native support for Iris scanning hardware. I say “likely” because the commits haven’t been merged yet. Changes are very time-consuming and can take a few weeks or even months to pass code review.
However, it’s very likely that it will for Android P, and there are even hints of the Iris scanner framework code having P-specific changes in place (like removing user info storage in /data/ system/ users and instead relocating them to a new /data/vendor directory, likely secondary to undisclosed Project Treble requirements).
Also, this appears to be full support for Iris scanners, although that doesn’t mean additional features won’t be added by other vendors (in fact, the comments explicitly mention this). The basic implementation is there, though, so we should expect to see future smartphones coming with Iris biometric scanners. However, there’s no evidence in these pledges that the Google Pixel 3 will have such a feature, so don’t assume any particular device will have an Iris scanner because of these changes.
Note: I have contacted FPC for comment on these changes, but have not received a response from them at the time of this article’s publication.