Testing Biometrics in Android Apps

pancy

Pan Chasinga

Posted on October 3, 2019

Testing Biometrics in Android Apps

Disclaimer: I’m working at HeadSpin developing SDKs and developer tools to make app-testing awesome.

Biometrics have been increasingly vital to the digital economy. In China, some grocery stores offer face detection at checking out instead of cash or credit card. Apps are using biometric authentication as a more secure and smoother experience for users to access information.

If you have been writing automated tests for Android apps, chances are you are not new to Appium and the use of XPath API to query app components and simulate users’ interactions.

However, if your app incorporates a biometric authentication, which has become more common even for non-financial apps, it is not possible to automate your way in. Unless you can programmatically simulate a fingerprint impression on the device (you cannot), there is no way to herald your test parade through the biometric gate without manually pressing your finger on the device.

One way you can think of is to write a dedicated mock activity that fakes the whole biometric charades. But you’re just eating your own dog food because what you fake in the mock is what you test, not the actual behavior.

Enter HeadSpin Biometric SDK

At HeadSpin, we make testing mobile apps simple. We think it should be easy to test your apps because nobody wants to spend the same amount of development time fidgeting with the tests. HeadSpin wants developers to focus on building apps and delighting their customers all over the world.

We came up with a developer-friendly solution to testing biometric apps on Android — an Android library! All you have to do is import a component from the library, swap it with whatever you’re using in your app code, and run on a real device and start remotely control the biometric authentication on your app through our provided HTTP endpoints. Yes, the good old REST API everyone knows and loves.

Check out the demo video below.

I was able to remotely log into my test app without having to use my fingerprint.

Using HeadSpin SDK’s version of FingerprintManager, I was able to remotely send HTTP POST request to one of the REST endpoints provided by HeadSpin’s platform to authenticate my app, as shown above.

Here is a snippet of a demo activity using HeadSpin’s HSFingerprintManager to enable remote biometric authentication instead of Android’s FingerprintManager. It took me only 2–3 lines of code to swap in the HS component, and the app can be authenticated normally as well as remotely.

DemoFingerprintActivity.java

Again it’s worth noting this is accomplished without human interventions.🤯

If you are looking into automating tests for biometric apps, look no further than HeadSpin.

p.s. I’m also working on support for the new BiometricPrompt and AndroidX supports for apps targeting Android P. and above in the next release of the SDK, so it’s looking exciting!

💖 💪 🙅 🚩
pancy
Pan Chasinga

Posted on October 3, 2019

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related