14 DAY TRIAL // Google intends to use biometrics instead of two-factor authentication on Android devices, since it would mean that users no longer need to remember passwords, and the phone’s security level could be significantly increased. Google might make this authentication method available by the end of this year.
The first mention of Project Abacus was made one year ago, during the Google I/O 2015, when the company announced that it was working on a new authentication method for Android smartphones. But not much information surfaced until this year’s edition of the event. On Friday afternoon, Google’s ATAP (Advanced Technology and Projects) research unit chief Daniel Kaufman made some statements on the status of Project Abacus.
Project Abacus aims to remove password and PIN authentication, in favor of biometrics. As it seems, the user would unlock devices or sign into applications based on a “Trust Score.” The score is calculated by taking into account multiple factors, like typing patterns, location, speed, voice patterns, and even facial recognition.
A while back, Google implemented a somewhat similar technology on devices running Android 5.0 and up, called “Smart Lock,” which automatically locks/unlocks the device when the user is in a trusted location, has a secure Bluetooth device connected or when the device recognizes the user’s facial characteristics.
Trust API will undergo testing at banks starting June
Project Abacus is the upgraded version of Smart Lock, in the sense that it runs in the background and continuously collects data using sensors incorporated in the phone. The score ensures a higher security level on the smartphone, and if the trust score is low, apps could revert to asking users for their password. Some applications like banks could require different levels of Trust Score.
Google’s ATAP worked on transposing this idea into the Trust API, which will begin testing at banks next month. If all goes well, Trust API will be distributed to Android developers by the end of this year. This could offer a new way of securing applications and content, as apps could automatically lock even if someone other than the owner managed to gain access inside the phone.
It remains to be seen how Android users will react to this new way of authentication. The advantages are clear: no more remembering passwords or PIN and increased security. But on the other hand, Trust API will be collecting sensitive data like typing or walking patterns, user location, and facial characteristics.