Samsung to let developers tap into Galaxy S5 fingerprint scanner

Unlike Apple, which trusts no one to access fingerprints, Samsung Mobile SDK allows developers to tap into the biometrics and "make use of" the Galaxy S5 fingerprint reader.

With its fingerprint scanner and heart-rate sensor, Samsung's Galaxy S5 has been a headline grabber since the almost phablet-sized smartphone launched at Mobile World Congress. Both the Galaxy S5 fingerprint scanner and even the "wallet" API may sound like Apple copycat moves, but there are significant differences. Apple trusts no one except itself when it comes to accessing fingerprints, but Samsung has thrown open the access-fingerprints door to developers.

Samsung Galaxy S5

For scanned fingerprints, Apple uses a "secure enclave" in an "A7 chip. Here it's locked away from everything else, accessible only by the Touch ID sensor. It's never available to other software, and it's never stored on Apple servers or backed up to iCloud."

According to "new and upgraded developer tools," the Samsung Mobile SDK 1.5 beta1 will allow developers to tap into and "make use of" features such as the Galaxy S5 fingerprint reader. "The Samsung Mobile SDK 1.5 beta1 consists of 16 independent packages; including 'Pass' and 'Motion', which allow you to make use of the Finger Print and Activity Recognition features of the Samsung Galaxy S5.

So what is the Pass API? 

Pass allows you to use fingerprint recognition features in your application. With Pass, you can provide reinforced security, since you can identify whether the current user actually is the authentic owner of the device.

You can use the Pass package to: Request fingerprint recognition; cancel fingerprint recognition requests; verify whether the fingerprint of the current user matches the fingerprint registered on the device; register fingerprints through the Enroll screen.

Where Samsung stores that biometric data and how it would be transmitted are not yet clear, but it may be trying to kill off the traditional password. Samsung accomplished a first among smartphone makers as the Galaxy S5 fingerprint sensor uses the FIDO (Fast Identity Online) Alliance authentication standard and uses FIDO Ready software. PayPal and Samsung worked together so Galaxy S5 owners can use the fingerprint authentication to make payments; one swipe of a finger over the home button where the fingerprint scanner is embedded and a consumer is securely logged into PayPal in order to shop at any merchant that accepts PayPal on mobile and in stores.

PayPal provides a secure wallet in the cloud and doesn't store personal information on the device. Customers can use their finger to pay with PayPal from their new Galaxy S5 because the FIDO Ready software on the device securely communicates between the fingerprint sensor on their device and PayPal's service in the cloud. The only information the device shares with PayPal is a unique encrypted key that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal's servers.

Samsung's Galaxy 5 SDK also offers new APIs for "Accessory, Accessory File Transfer, Companion UI Profile, Health, Pass, Remote Sensor." According to documentation for "Remote Sensor," a developer can "get user activity data from the wearable device...When the user changes their activity, the remote sensor notifies you again, after 4 ~ 5 seconds (about 8 footsteps)." Developers can also get pedometer data every five minutes as well as check if the user is wearing a wearable device.

Other than that, what we know is that the Galaxy S5 comes in black, white, blue, or gold, has a 5.1-inch, 1920×1080 high-resolution 1080p display, a 16-megapixel camera, and is water-proof enough to withstand 30 minutes at the bottom of a 3-foot pond. It remains to be seen if developers will tap the fingerprint sensor for security purposes or if bad actors will try to get a piece of the action too.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2014 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022