Fingerprint SDK / API: Building Blocks for Fingerprint Integration on Phones

Biometrics has made a significant progress during the last decade. Once limited to highly specialized applications in law enforcement, forensics, and high security access control, this technology has now made it to our everyday life, making personal identification simpler and efficient. Adoption of biometrics for government applications like passport, civil identification and national ID has given enough confidence to other organizations to implement this technology. Many developing and developed nations are using biometrics as their primary identification method for identifying citizens in several identity applications. In private sector as well, many businesses have replaced their traditional identity practices with biometrics for a number of applications like employee attendance, customer identification, KYC compliances, etc. Once a biometric application is in place, it can be used for employees as well as customers. There is no need to setup separate hardware for different group of people like in manual practice we need to maintain an employee register and visitor’s book separately.

Integrating a fingerprint sensor on smartphones for user identification and authentication is an increasing trend. This trend is more evident after the launch of the Apple’s iPhone 5s, however, it was not the first phone launched with a fingerprint sensor. The first phone with a fingerprint sensor was introduced by Toshiba. The Japanese technology firm led the way to mobile biometrics but unfortunately this device could not be much popular. Later in year 2011, Motorola launched Atrix, first Android phone with a rear mounted fingerprint sensor. Motorola Atrix was launched with Android OS’s version 2.2 (Froyo) that did not have native support for fingerprint sensors. This attempt from Motorola could not give enough push to mobile biometrics and did not get the recognition it deserved.

Since the launch of the iPhone, it has been evident that innovations do not get recognition until they make it to an iPhone. Apple launched its first device with a fingerprint sensor in 2013: the iPhone 5s. Apple used customized hardware and software solution for fingerprint recognition, which it calls Touch ID. With Touch ID, users were able to unlock iPhone just by scanning their fingerprints and authenticate purchases on apple’s digital media stores like App Store, iTunes Store and iBook Store. It induced other manufacturers to introduce fingerprint sensor on their smartphones. Following Apple’s footsteps, Samsung launched Galaxy S5 with fingerprint sensor. Google also released Android 6.0 Marshmallow in October 2015 that had native support for fingerprint sensor integration.

Limited to flagship devices initially, fingerprints scanners soon became a popular feature on mobile devices. Identifying the trend, manufacturers started offering the piece of biometric hardware on mid-end and even low-end smartphones. But the real potential of fingerprint hardware could be leveraged only if third party app makers could integrate the authentication ability within their apps. Initially, both iOS and Android did not let third party apps access the fingerprint hardware and data. With technical advancement and improvements in biometric data security, both the OS makers eventually allowed third party apps to access and utilize the feature.

Apple opened doors for third party app developers to integrate Touch ID authentication within their app with the launch of iOS 8. Since Apple manufacture both, the hardware as well as the software of the iPhone. It was easier for it to manage the security. Google had a different approach with Android. Since Android is an open source project and is used by different manufacturers as they please. Manufacturers even customize the OS and introduce it with their proprietary apps and features on top of the core OS. Android lets manufacturers develop their own APIs if they want to integrate a fingerprint scanner on the devices or they can use the generic API of Android.

To allow third party applications to access a service, service providers often release APIs so that third party apps could communicate with service. This software to software communication can take place on a single device (e.g. a PC) or a device can send a request over the internet to a remotely located service/software. APIs can be implemented with the help of an SDK, which is provided by the service provider who allows extern apps to access its service. SDK (Software Development Kit) and API (Application Programming Interface) are common terms that app developers often encounter during their coding and development process. There are many software and services developed and owned by different technology companies and some of them took several years to complete.

These tech firms want their services to be popular and used by as many external apps as possible. They can offer these services with free, paid or freemium modal. As a free service, it gives service providers a chance to test the service and engage more and more developers to write apps leveraging their ecosystem. It is not possible for an app developer to write everything from scratch. Present day applications offer a wide range of functionality that would not be possible to be coded and setup from the beginning. For example, if a clock app wants to display weather information on its widget, the developer does not have to build a whether sensing systems, and process whether data. It can just leverage any of the widely available free APIs like AccuWeather API or OpenWeather API to fetch weather information and can customise how this data displays on its widget.

So an application programming interface (API) is a specification intended to be used as an interface by software components to communicate with each other. An API may include specifications for routines, data structures, object classes, and variables. APIs can be language dependent or language independent. Language dependent APIs can only be used in the application written in a specific language. It uses the particular syntax and elements of the programming language to make the API convenient to use in this particular context. Language independent APIs are written in a way that they can be used by any application regardless of the programming language used in coding. Most service-style APIs are language independent which are available as a remote procedure call. For example: Google Maps API

SDK or the Software Development Kit, on the other hand, is a set of tools that can be used to develop software applications for a particular platform. For example, to develop android application, a developer needs to download android SDK from the Android Developers website. SDKs include various tools, libraries, documentation and sample code that help app developers to write applications.

Top technology corporations have been focusing on building ecosystem of integrated services, which can communicate with each other and data is seamlessly shared among them. It requires engagement of a large community of developers to develop apps and service and their integration with other services. Tech firms try their best to persuade developers to build for their ecosystems, so that the more and more services could be integrated to make the ecosystems grow. They provide training material, videos, SDKs, APIs, tools and help for developers. The same applies on biometric software solution firms. Biometric software firms want developers to use their SDK and APIs to grow their market presence and revenue.

To integrate fingerprint hardware, developers would require fingerprint SDK that will allow them to access fingerprint hardware features and API, which can communicate with other software or services. For example, to integrate fingerprint hardware with an Android app, a developer needs to get the Android SDK and target API level. API level is determined by the Android versions the app wants to have compatibility with. SDKs and APIs are often available on software/service provider’s website and can be downloaded by anyone. In cloud biometrics, applications integrated with fingerprint sensors need to communicate with remote servers on each request. This communication is made possible by APIs. Biometrics as a Service or cloud biometrics service providers also provide APIs that can communicate with external services and software.

Some device hardware manufacturers like Samsung provide SDK and API for their devices to securely integrate apps with fingerprint hardware. User can use Android’s generic API or devices manufacturer’s APK as required. Apple also provides iOS SDK and Touch ID API for fingerprint authentication.

Fingerprint SDK and API, both are important to integrate an application with fingerprint hardware. SDK provides all the tools, function libraries, sample code that may be required during the development process. APIs enable developers to use a functionality or service that has been already built by the API provider. Most big corporations like Microsoft, Facebook, Amazon, Apple, and Google provide their APIs on their developer portals, which can be freely downloaded and used. Sharing services through APIs enable corporations to expand their presence and increase revenue. According to programmableweb.com, there are more than 12,000 APIs offered by tech firms. Expedia.com generates 90% of its revenue by APIs. Google offers volume based plans, where free plans can handle a limited numbers of requests to its services while paid users can enjoy extended benefits. With the rise of biometrics, there are many biometric software solutions providers that offer Fingerprint SDK and APIs to enable developers to integrate fingerprint hardware with their apps or services.