Last updated: Sep 14, 2020 11:58
Testing flow for fingerprint authentication
When testing or automating an application that uses Face ID or fingerprint authentication, either manually or as part of an automation script, make sure to follow this flow:
Select the device on which to run the application. Be sure that the device selected supports the desired authentication feature.
Install the application onto the device. Use Perfecto's sensor instrumentation to prepare the application for testing/automation.
Start the application.
When the application reaches the point of authentication (that is, when the authentication form opens), do the following:
Make sure that the application has responded to the authentication result as expected.
The following error messages may appear as a result of using the interactive sensor authentication simulation feature:
- Target application is not instrumented: appears if you activate the injection when the active application is not instrumented for sensor authentication simulation.
- Operation timed out: appears if you activate the injection when the application is not accessing the sensor reader.
- Fingerprint command not supported: appears if the device does not support the sensor reader hardware or is running a version of the device OS that does not support the functionality.
Fingerprint simulation works with any Android or iOS device that supports the hardware fingerprint reader.
Face ID works only on iOS devices that support face identification (iPhone X and later).
To activate the functionality from an Appium script, do the following:
To install the application:
If installing the application as part of the driver creation, add the following capability setting:
If installing with the Perfecto command mobile:application:install, supply the sensorInstrument parameter with a value of
To simulate the sensor reader:
At the point where the script needs to simulate the sensor reader:
Identify that the application is prompting the user to identify through the sensor reader.
If the automation script is simulating a failure result (meaning the
resultAuth parameter is set to
errorType parameter indicates more information on why the authentication failed. This allows the script to activate different failure scenarios. The error types supported include:
- authFailed: indicates that the fingerprint was not recognized and therefore not authenticated.
- userFallback: indicates that the user selected an option to provide a different authentication method, for example using a password.
- userCancel: indicates that the user selected an option to cancel the authentication.
- systemCancel: indicates that the system cancelled the authentication.
- lockout: indicates that this is a multiple-failure scenario and the user account should be locked.
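The failure scenarios above can be run as a matrix that checks the app stays locked after every failure type. This is an added example, not Perfecto's own code: the command name mobile:fingerprint:set, the identifier key, the success/fail values and the FakeDriver stand-in for an Appium driver are assumptions, so check them against the Set fingerprint reference.

```python
# Added example. COMMAND, the "identifier" key and the "success"/"fail"
# values are assumptions; resultAuth, errorType and the error types are
# the names used on this page.
COMMAND = "mobile:fingerprint:set"          # assumed command name
ERROR_TYPES = ("authFailed", "userFallback", "userCancel",
               "systemCancel", "lockout")


def build_injection(app_id, success, error_type=None):
    """Return the parameter map for one simulated sensor result."""
    if success:
        if error_type is not None:
            raise ValueError("errorType only applies to a failure result")
        return {"identifier": app_id, "resultAuth": "success"}
    if error_type not in ERROR_TYPES:
        raise ValueError(f"unsupported errorType: {error_type!r}")
    return {"identifier": app_id, "resultAuth": "fail",
            "errorType": error_type}


def failure_matrix(driver, app_id, is_unlocked, reset):
    """Inject every failure type; return those after which the app
    exposed its protected screen (it should expose it after none)."""
    leaked = []
    for error_type in ERROR_TYPES:
        reset(driver)                        # back to the auth prompt
        driver.execute_script(COMMAND,
                              build_injection(app_id, False, error_type))
        if is_unlocked(driver):
            leaked.append(error_type)
    return leaked


class FakeDriver:
    """Constructed stand-in for an Appium driver plus a buggy app that
    treats userFallback as a successful login. Offline demo only."""
    def __init__(self):
        self.unlocked = False
        self.calls = []

    def execute_script(self, command, params):
        self.calls.append((command, params))
        self.unlocked = (params["resultAuth"] == "success"
                         or params.get("errorType") == "userFallback")


def demo():
    return failure_matrix(
        FakeDriver(), "com.example.app",     # placeholder app identifier
        is_unlocked=lambda d: d.unlocked,
        reset=lambda d: setattr(d, "unlocked", False))
```

With a real driver, is_unlocked and reset would be replaced by checks against the app's own screens, and an empty result means the app failed closed for every error type.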
Special considerations for iOS devices
As mentioned above, iOS requires that the device undergo an "enrollment" procedure with the Touch ID or Face ID service, prior to using the authentication hardware.
If the device has been enrolled with the identification service, then the procedure detailed above will work as described.
If the device has not yet been enrolled, the OS will not prompt the user to provide an authentication, and the Perfecto system will intercede and provide a prompt (see below) that can be identified either with Visual Analysis or as an object.
Special considerations for Android devices
On Android, Perfecto supports injecting fingerprints into apps that use the legacy Fingerprint API as well as the newer Biometric API (supporting API levels 28 and 29).
When testing apps that use the legacy Fingerprint API, there is no need to physically enroll a fingerprint on the device. However, to test apps that use the Biometric API, the device must undergo a fingerprint enrollment procedure for fingerprint injection to work.
When injecting fingerprint authentication results to the app, the app behavior varies according to the API used:
- For apps using the Fingerprint API, the normal app/OS authentication popups will appear.
- For apps using the Biometric API level 29, due to technical reasons, a custom Perfecto popup is used to indicate that authentication is needed (and not the normal OS popup). When fingerprint injection fails, a text message indicates the result.
- To test how the app responds when a user has been locked out, you can inject the error code explicitly by using the fingerprint injection command with the errorType parameter set to Lock Out. For more information, see Set fingerprint.
At this point, the command has the following limitations:
- The feature is supported for:
  - All iOS versions supported by Perfecto
  - Android devices running version 6.0 and later
- The feature is not supported for applications created with the Xamarin environment when using the Secure Keychain interface library.
- The feature is designed to test how an app responds to various authentication results, not how the mobile OS behaves. For example, each mobile OS may decide to lock the user out of subsequent authentication attempts after a certain number of failed attempts. However, when using this feature, authentication does not go through the OS itself, so the automatic OS behavior does not apply. To test how the app responds when the user has been locked out, Perfecto supports injecting this error code explicitly using the fingerprint injection command.