Many mobile devices now support a fingerprint reader as part of their hardware features. Using the fingerprint reader, applications can better authenticate the user's identity. This is used both by the operating system, when opening the device and by applications, for example financial and medical applications, that require conclusive identification before accessing sensitive records.
Perfecto offers support for testing and automation of these applications on Perfecto Lab devices. When testing an application dependent upon the fingerprint reader, the main testing feature is to check the ability of the application to address the two scenarios:
- User is successfully identified.
- User is not authenticated by his fingerprint.
To cover these scenarios, Perfecto supports an extension command, supported by the REST API, Appium automation, UFT integration, Native Automation, and Perfecto's Manual testing interface, that can be used at the point of authentication to supply the different authentication results.
When testing or automating an application that accesses the fingerprint reader, use the following general procedure:
- Select the device to run the application on. Be sure that the device selected supports the fingerprint reader hardware.
- Install the application onto the device. Use Perfecto's fingerprint instrumentation to prepare the application for testing/automation.
- Start the application.
- When the application reaches the point of authentication, invoke the Set fingerprint command to supply the authentication response.
Many devices will prompt the user, with a popup, to touch the fingerprint reader. An automation script should check that the prompt appears.
- Check the different branches of the application.
The following error messages may appear as a result of using the interactive fingerprint simulation feature:
- Target application is not instrumented - will appear if you activate the Fingerprint widget when the active application is not instrumented for fingerprint simulation.
- Operation timed out - will appear if you activate the Fingerprint widget when the application is not accessing the fingerprint reader.
- Fingerprint command not supported - will appear if the device does not support the fingerprint reader hardware, or is running a version of the device OS that does not support the functionality.
Selecting the Device
Fingerprint simulation will work with any Android or iOS device that supports the hardware fingerprint reader. For iOS, verify that the device is running iOS 9 or later..
In addition, iOS devices should normally be enrolled with the TouchID service for the fingerprint reader to be activated in the application. But if the Perfecto Lab device is not enrolled, the simulation software will intercede at the point that the instrumented application activates the fingerprint reader and allow the tester or automation script to activate the simulation command.
Installing and Running the Application
The following subsections will explain how to install the application with Fingerprint Instrumentation, run the application, and using the Set Fingerprint command (to simulate the user touching the fingerprint reader) in the different environments.
To activate the functionality from an Appium script do the following:
Installing the application
>> When installing the application as part of the driver creation add the following capability setting:
>> If installing with the mobile:application:install Perfecto command, supply the sensorInstrument parameter, set to "sensor".
Simulating fingerprint reader
>> At the point where the script needs to simulate the fingerprint reader,
- Identify that the application is prompting the user to touch the fingerprint reader.
- Run the mobile:fingerprint:set command:
If the automation script is simulating a failure result (meaning the resultAuth parameter is set to fail) - the errorType parameter indicates more information on why the authentication failed. This allows the script to activate different failure scenarios. The error types supported include:
- authFailed - indicates that the fingerprint was not recognized and therefore not authenticated.
- userFallback - indicates that user selected an option to provide a different authentication method, for example using a password.
- userCancel - indicates that user selected an option to cancel the authentication.
- systemCancel - indicates that system cancelled the authentication.
- lockout - indicates that this is a multiple-failure scenario and the user account should be locked.
Special Considerations for iOS Devices
As mentioned above, iOS requires that the device undergo an "enrollment" procedure with the Touch ID service, prior to using the fingerprint reader.
If the device has been enrolled with the Touch ID service, then the procedure detailed above will work as described.
If the device has not yet been enrolled, the OS will not prompt the user to provide a fingerprint, and the Perfecto system will intercede and provide a prompt (see below) that can be identified either with Visual Analysis or as an object.
New Interactive Feature
Interactive fingerprint simulation introduces a new feature to the Interactive testing interface.
- Fingerprint widget - The right panel of the Interactive tab includes a new Fingerprint widget (see below in blue box) at the top.
Use this widget to invoke the Set fingerprint functionality. The widget should be used when the application tries to access the fingerprint reader to supply the simulated result.
Installing the application
When installing the application that requires fingerprint functionality, check the "Sensor instrumentation" option.
Simulating fingerprint reader
When application accesses the fingerprint reader, the device will display a prompt to supply the fingerprint.
Click the Fingerprint widget and supply the simulated result: Passed or Failed.
Native Automation/UFT Support
For Perfecto Native Automation or UFT scripts to use the new functionality -
>> In the Install application command - set the advanced "Sensor instrumentation" parameter to true.
>> Add a call to the Application -> Set fingerprint command to the script at the point where the automation should authenticate a user.
- Supply either the application name or application identifier for the application (that was instrumented) being tested.
- Supply the simulated return value - true indicates that fingerprint is authenticated and false indicates fingerprint not authenticated
At this point, the command has the following limitations:
- There is no reset function for the simulation. If there is a need to run the application with direct activation of the fingerprint reader, you need to reinstall the application without the instrumentation.
- The feature is supported for
- iOS devices running iOS 9.0+
- Android devices running version 6.0+
- The feature is only supported for devices that support the fingerprint reader interface.