DEV Community: Nizamuddin Ali Ahmed The latest articles on DEV Community by Nizamuddin Ali Ahmed (@noncoderf). https://dev.to/noncoderf https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3407144%2Fca114d4c-3121-4324-8464-c47275695c24.jpeg DEV Community: Nizamuddin Ali Ahmed https://dev.to/noncoderf en Secure Your Android App with Biometric SDK in 5 Minutes πŸ” (Kotlin) Nizamuddin Ali Ahmed Sat, 02 Aug 2025 05:54:58 +0000 https://dev.to/noncoderf/secure-your-android-app-with-biometric-sdk-in-5-minutes-kotlin-4boh https://dev.to/noncoderf/secure-your-android-app-with-biometric-sdk-in-5-minutes-kotlin-4boh <h2> πŸ” Biometric SDK for Android </h2> <p><strong>A production-grade biometric authentication SDK designed for apps that demand trust.</strong><br><br> Ideal for fintech, banking, e-wallets, secure messaging, parental control, or any app requiring <strong>identity protection</strong> and <strong>transaction-level security</strong>.</p> <p>This SDK simplifies AndroidX biometric integration with modern Kotlin practices, supporting:</p> <ul> <li>Fingerprint</li> <li>Face Unlock</li> <li>Device Credential fallback (PIN/Pattern/Password)</li> </ul> <h2> Built for real-world apps where <strong>authentication reliability is non-negotiable</strong>. </h2> <h2> πŸš€ Key Features </h2> <ul> <li>βœ… Seamless integration with AndroidX Biometric APIs</li> <li>βœ… Supports Fingerprint, Face, and Device Credential fallback</li> <li>βœ… Designed for fintech, banking, and high-trust apps</li> <li>βœ… <code>NOT_ENABLED</code>, <code>ENABLED_AND_MANDATORY</code>, <code>ENABLED_BUT_NOT_MANDATORY</code> auth modes</li> <li>βœ… Lifecycle-safe: no biometric prompts while app is backgrounded</li> <li>βœ… Clean Kotlin interfaces β€” easy to test with MockK</li> <li>βœ… Pluggable, SDK-ready structure β€” ideal for JitPack/Maven distribution</li> </ul> <h2> πŸ“¦ Installation via JitPack </h2> <p>Use this SDK directly in your Android project using <strong>JitPack</strong>.</p> <h3> βœ… Step 1: Add JitPack to repositories </h3> <p>In your root-level <code>settings.gradle.kts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="nf">dependencyResolutionManagement</span> <span class="p">{</span> <span class="nf">repositories</span> <span class="p">{</span> <span class="nf">maven</span> <span class="p">{</span> <span class="n">url</span> <span class="p">=</span> <span class="nf">uri</span><span class="p">(</span><span class="s">"https://jitpack.io"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> βœ… Step 2: Add the SDK dependency </h3> <p>In your <strong>module-level</strong> <code>build.gradle.kts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="nf">implementation</span><span class="p">(</span><span class="s">"com.github.NoNCoderF:biometric-sdk:v1.0.3"</span><span class="p">)</span> </code></pre> </div> <h2> πŸ§‘β€πŸ’» Usage Guide </h2> <p>This SDK offers <strong>two flexible integration modes</strong> depending on your product's security needs:</p> <h3> πŸ” Mode 1: Identity Protection Mode (On-Demand Authentication) </h3> <blockquote> <p>Best for apps that want to secure <strong>specific features</strong> like viewing a profile, accessing settings, or opening sensitive notes.</p> </blockquote> <p>Biometric is triggered manually when the user takes a high-trust action.</p> <h4> βœ… Example: Trigger Auth Before Showing Profile </h4> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="k">private</span> <span class="kd">val</span> <span class="py">biometricAuthenticator</span><span class="p">:</span> <span class="nc">BiometricAuthenticator</span> <span class="k">by</span> <span class="nf">lazy</span> <span class="p">{</span> <span class="kd">val</span> <span class="py">biometricManager</span> <span class="p">=</span> <span class="nc">MyBiometricManagerImpl</span><span class="p">(</span> <span class="k">this</span><span class="p">,</span> <span class="s">"Unlock"</span><span class="p">,</span> <span class="s">"Unlock to use the app"</span> <span class="p">)</span> <span class="nc">BiometricAuthenticatorImpl</span><span class="p">(</span> <span class="n">biometricManager</span><span class="p">,</span> <span class="k">this</span> <span class="p">)</span> <span class="p">}</span> <span class="k">private</span> <span class="kd">val</span> <span class="py">biometricAuthHandler</span><span class="p">:</span> <span class="nc">BiometricAuthHandler</span> <span class="k">by</span> <span class="nf">lazy</span> <span class="p">{</span> <span class="nc">BiometricAuthHandler</span><span class="p">(</span> <span class="n">biometricAuthenticator</span> <span class="p">=</span> <span class="n">biometricAuthenticator</span><span class="p">,</span> <span class="n">requirement</span> <span class="p">=</span> <span class="p">{</span> <span class="nc">AuthenticationRequirement</span><span class="p">.</span><span class="nc">ENABLED_AND_MANDATORY</span> <span class="p">},</span> <span class="n">bypass</span> <span class="p">=</span> <span class="p">{</span> <span class="k">false</span> <span class="p">},</span> <span class="p">)</span> <span class="p">}</span> <span class="c1">//On user action</span> <span class="c1">// Evaluate biometric flow dynamically</span> <span class="k">when</span> <span class="p">(</span><span class="n">biometricAuthHandler</span><span class="p">.</span><span class="nf">evaluate</span><span class="p">())</span> <span class="p">{</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">BYPASS</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Biometric is turned off or bypassed manually</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">PROMPT_SKIPPED</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// App not in foreground, or biometric not required in this state</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">SECURITY_NOT_PRESENT</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Device doesn't support biometric OR no credential fallback</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">SETUP_REQUIRED</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Biometric is supported but user hasn't enrolled β€” suggest settings intent</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">AUTHENTICATE</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="n">biometricAuthenticator</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> πŸ’³ Mode 2: Transaction-Level Security (Automatic Per-Screen Auth) </h3> <blockquote> <p>Use this when your app needs <strong>biometric protection for every screen or session</strong>, like banking apps, parental control, or work-profile locked apps.</p> </blockquote> <p>Biometric prompts auto-trigger as the user navigates the app.</p> <h4> βœ… Step 1: Register AppVisibilityTracker (Once) </h4> <p>In your <code>Application</code> or base <code>Activity</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="k">override</span> <span class="k">fun</span> <span class="nf">onCreate</span><span class="p">()</span> <span class="p">{</span> <span class="k">super</span><span class="p">.</span><span class="nf">onCreate</span><span class="p">()</span> <span class="nc">ProcessLifecycleOwner</span><span class="p">.</span><span class="k">get</span><span class="p">().</span><span class="n">lifecycle</span><span class="p">.</span><span class="nf">addObserver</span><span class="p">(</span><span class="nc">AppVisibilityTracker</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h4> βœ… Step 2: Create a <code>BaseBiometricActivity</code> </h4> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="k">abstract</span> <span class="kd">class</span> <span class="nc">BaseBiometricActivity</span> <span class="p">:</span> <span class="nc">AppCompatActivity</span><span class="p">()</span> <span class="p">{</span> <span class="k">private</span> <span class="kd">val</span> <span class="py">biometricAuthenticator</span><span class="p">:</span> <span class="nc">BiometricAuthenticator</span> <span class="k">by</span> <span class="nf">lazy</span> <span class="p">{</span> <span class="kd">val</span> <span class="py">biometricManager</span> <span class="p">=</span> <span class="nc">MyBiometricManagerImpl</span><span class="p">(</span> <span class="k">this</span><span class="p">,</span> <span class="s">"Unlock"</span><span class="p">,</span> <span class="s">"Unlock to use the app"</span> <span class="p">)</span> <span class="nc">BiometricAuthenticatorImpl</span><span class="p">(</span> <span class="n">biometricManager</span><span class="p">,</span> <span class="k">this</span> <span class="p">)</span> <span class="p">}</span> <span class="k">private</span> <span class="kd">val</span> <span class="py">biometricAuthHandler</span><span class="p">:</span> <span class="nc">BiometricAuthHandler</span> <span class="k">by</span> <span class="nf">lazy</span> <span class="p">{</span> <span class="nc">BiometricAuthHandler</span><span class="p">(</span> <span class="n">biometricAuthenticator</span> <span class="p">=</span> <span class="n">biometricAuthenticator</span><span class="p">,</span> <span class="n">requirement</span> <span class="p">=</span> <span class="p">{</span> <span class="nc">AuthenticationRequirement</span><span class="p">.</span><span class="nc">ENABLED_AND_MANDATORY</span> <span class="p">},</span> <span class="n">bypass</span> <span class="p">=</span> <span class="p">{</span> <span class="k">false</span> <span class="p">},</span> <span class="p">)</span> <span class="p">}</span> <span class="k">override</span> <span class="k">fun</span> <span class="nf">onResume</span><span class="p">()</span> <span class="p">{</span> <span class="k">super</span><span class="p">.</span><span class="nf">onResume</span><span class="p">()</span> <span class="c1">// Evaluate biometric flow dynamically</span> <span class="k">when</span> <span class="p">(</span><span class="n">biometricAuthHandler</span><span class="p">.</span><span class="nf">evaluate</span><span class="p">())</span> <span class="p">{</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">BYPASS</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Biometric is turned off or bypassed manually</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">PROMPT_SKIPPED</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// App not in foreground, or biometric not required in this state</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">SECURITY_NOT_PRESENT</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Device doesn't support biometric OR no credential fallback</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">SETUP_REQUIRED</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="c1">// Biometric is supported but user hasn't enrolled β€” suggest settings intent</span> <span class="p">}</span> <span class="nc">BiometricDecision</span><span class="p">.</span><span class="nc">AUTHENTICATE</span> <span class="p">-&gt;</span> <span class="p">{</span> <span class="n">biometricAuthenticator</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then extend it across your app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="kd">class</span> <span class="nc">DashboardActivity</span> <span class="p">:</span> <span class="nc">BaseBiometricActivity</span><span class="p">()</span> </code></pre> </div> <h3> 🧭 Use Case Table </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Use Case</th> <th>Recommended Mode</th> </tr> </thead> <tbody> <tr> <td>Secure a settings/profile page</td> <td>πŸ” Identity Protection (Mode 1)</td> </tr> <tr> <td>Authenticate before money transfer</td> <td>πŸ’³ Transaction-Level (Mode 2)</td> </tr> <tr> <td>Lock every screen or session</td> <td>πŸ’³ Transaction-Level (Mode 2)</td> </tr> </tbody> </table></div> <p>πŸ’‘ Use one mode or both β€” the SDK adapts to your product’s security needs.</p> <h2> πŸ§ͺ Testing </h2> <ul> <li>πŸ” Built for testability using dependency injection</li> <li>βœ… Easily mock <code>BiometricAuthenticator</code> with <a href="https://mockk.io" rel="noopener noreferrer">MockK</a> </li> <li>🧼 <code>AppVisibilityTracker</code> is stateless and safe to test</li> </ul> <h2> πŸ“œ License </h2> <p>MIT License β€” free for commercial and non-commercial use.<br><br> Just give credit where it’s due ❀️</p> <h2> πŸ‘¨β€πŸ’» Author </h2> <p>Built with ❀️ by <a href="https://github.com/NoNCoderF" rel="noopener noreferrer">Nizamuddin Ahmed</a><br><br> Contributions, issues, and stars are always welcome ⭐</p> android kotlin security opensource