Google is expanding a key anti-theft feature to make your apps more secure

Android’s Identity Check feature is set to receive an important enhancement in the upcoming Android 16 QPR2 update, aimed at bolstering the security of sensitive applications. This update will introduce a biometric-only authentication requirement for any app utilizing the biometric prompt, effectively eliminating the option of using screen lock credentials as a fallback method.

Enhanced Security Measures

This optional security feature is designed to thwart potential thieves who may have knowledge of your PIN, ensuring that access to sensitive applications remains strictly controlled when outside of a trusted location. The initial rollout of Identity Check was announced by Google late last year, providing a layer of protection by requiring biometric verification for certain actions when a device is not in a secure environment. For instance, if an unauthorized individual attempts to access saved passwords in Google Password Manager after snatching your phone, the system will demand biometric authentication, thereby safeguarding your information even if they possess your lock screen credentials.

With the recent beta release of Android 16 QPR2, users can now find a notification within the Settings > Security & privacy menu indicating that Identity Check is expanding its coverage to more applications. By tapping on “View details,” users are informed that utilizing Identity Check for all compatible apps enhances security and provides a seamless experience without requiring additional setup.

To fully appreciate the implications of this change, it is essential to understand the current operation of biometric authentication within Android. When an application seeks to verify a user’s identity, it can invoke Android’s biometric prompt API, which presents a system dialog requesting biometric input. Developers have the discretion to determine which types of biometrics are acceptable, the level of security required, and whether to allow screen lock credentials as a fallback option. While some applications permit this fallback to accommodate situations where biometric verification may be hindered—such as wearing gloves or masks—this practice inadvertently opens the door for unauthorized access by anyone familiar with the device’s screen lock credentials.
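The developer-side choice described above, shown with the AndroidX Biometric library. This is an added example, not code from the article or from Google; the function names `promptInfo` and `unlockSensitiveScreen` and the prompt strings are assumptions made for illustration.

```kotlin
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Hypothetical helper: builds the prompt configuration for a sensitive screen.
fun promptInfo(allowCredentialFallback: Boolean): BiometricPrompt.PromptInfo {
    val builder = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm it's you") // constructed sample text
    return if (allowCredentialFallback) {
        // Fallback enabled: PIN, pattern or password also satisfies the prompt,
        // so anyone who knows the screen lock credential gets through.
        // No negative button may be set when DEVICE_CREDENTIAL is allowed.
        builder.setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL).build()
    } else {
        // Biometric-only: a cancel button is required when no credential
        // fallback is offered.
        builder.setAllowedAuthenticators(BIOMETRIC_STRONG)
            .setNegativeButtonText("Cancel")
            .build()
    }
}

// Hypothetical entry point: gates a sensitive screen behind a strong biometric.
fun unlockSensitiveScreen(activity: FragmentActivity, onUnlocked: () -> Unit) {
    // Stop if no strong biometric is usable instead of silently downgrading
    // to the screen lock credential.
    val status = BiometricManager.from(activity).canAuthenticate(BIOMETRIC_STRONG)
    if (status != BiometricManager.BIOMETRIC_SUCCESS) return

    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // Defence in depth: accept only results produced by a biometric.
            if (result.authenticationType ==
                BiometricPrompt.AUTHENTICATION_RESULT_TYPE_BIOMETRIC) {
                onUnlocked()
            }
        }
    }
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo(allowCredentialFallback = false))
}
```

An app that already passes only `BIOMETRIC_STRONG` behaves the same whether or not the user has enabled Identity Check; the first branch is the configuration whose fallback the article says Identity Check removes outside trusted locations.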

To mitigate this risk, Google is broadening the scope of Identity Check in the Android 16 QPR2 update to encompass any application that employs the biometric prompt API. When Identity Check is activated, attempts to access these applications will necessitate biometric authentication, thereby preventing unauthorized access to sensitive information outside of established trusted locations.

Identity Check is a component of Android’s Theft Protection suite, and like other features within this suite, it remains optional. Users wishing to activate this feature on their Pixel devices can navigate to Settings > Security & privacy > Device unlock > Theft protection > Identity check.

Looking ahead, Identity Check will also introduce the capability to utilize a smartwatch as a trusted unlock mechanism. In scenarios where the phone is located in an untrusted environment but is connected to a recognized smartwatch, the system may forgo the need for biometric authentication. Although this feature is not yet available, it is anticipated to be included in future beta releases.
