Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Sep 14, 2020 11:58

Many mobile devices now support hardware features that authenticate the user by reading a fingerprint or by analyzing the user's photo as captured by the device camera. Using these features, applications can better authenticate the user's identity. This is used both by the operating system, when opening the device, and by applications, for example financial and medical applications that require conclusive identification before accessing sensitive records.

Perfecto offers support for testing and automation of these applications on Perfecto Lab devices. When testing an application dependent upon the authentication hardware, the main feature to test is  the ability of the application to address the following scenarios:

  • The user is successfully identified.
  • The user is not authenticated by the sensor.

To cover these scenarios, Perfecto supports fingerprint injection (via manual testing as well as an Appium extension) that can be used at the point of authentication to supply the different authentication results.

On this page:

Testing flow for fingerprint authentication

When testing or automating an application that uses face ID or Fingerprint authentication, either manually or as part of an automation script, make sure to follow this flow:

  1. Select the device on which to run the application. Be sure that the device selected supports the desired authentication feature.

  2. Install the application onto the device. Use Perfecto's sensor instrumentation to prepare the application for testing/automation.

  3. Start the application.

  4. When the application reaches the point of authentication (that is when the authentication form opens), do the following:

    • If testing manually, trigger the desired authentication result by using the options available with the fingerprint/face ID option. For more information, see Inject a fingerprint or face ID.

    • If using automation, invoke the Set sensor authentication command to supply the authentication response.

  5. Make sure that the application has responded to the authentication result as expected.

Error messages

The following error messages may appear as a result of using the interactive sensor authentication simulation feature:

  • Target application is not instrumented - will appear if you activate the injection when the active application is not instrumented for sensor authentication simulation.

  • Operation timed out - will appear if you activate the injection when the application is not accessing the sensor reader.

  • Fingerprint command not supported - will appear if the device does not support the sensor reader hardware or is running a version of the device OS that does not support the functionality.

Device prerequisites

Fingerprint simulation works with any Android or iOS device that supports the hardware fingerprint reader.

FaceId works only on iOS devices that support face identification (iPhone X and later).

Appium support

To activate the functionality from an Appium script, do the following:

To install the application:

  • If installing the application as part of the driver creation, add the following capability setting:

    capabilities.setCapability("sensorInstrument", true);
  • If installing with the Perfecto command mobile:application:install, supply the sensorInstrument parameter with a value of "sensor".

    Map<String, Object> params = new HashMap<>(); // use either the "identifier" or "name" parameter to identify the app params.put("sensorInstrument", "sensor"); // <<additional parameters to identify the application to install>> ooo driver.executeScript("mobile:application:install", params);

To simulate the sensor reader:

At the point where the script needs to simulate the sensor reader:

  1. Identify that the application is prompting the user to identify through the sensor reader.

  2. Run the mobile:sensorAuthentication:set command:

    Map<String, Object> params = new HashMap<>();
    // use either the "identifier" or "name" parameter to identify the app
    params.put("identifier", <application package identifier>); 
    params.put("resultAuth", "fail");  // may be either "fail" or "success"
    params.put("errorType", " lockout");  // may be authFailed, userCancel, userFallback, systemCancel, or lockout
    driver.executeScript("mobile:sensorAuthentication:set", params);

If the automation script is simulating a failure result (meaning the resultAuth parameter is set to fail), the errorType parameter indicates more information on why the authentication failed. This allows the script to activate different failure scenarios. The error types supported include:

  • authFailed - indicates that the fingerprint was not recognized and therefore not authenticated.

  • userFallback - indicates that the user selected an option to provide a different authentication method, for example using a password.

  • userCancel - indicates that the user selected an option to cancel the authentication.

  • systemCancel - indicates that the system cancelled the authentication.

  • lockout - indicates that this is a multiple-failure scenario and the user account should be locked.

Special considerations for iOS devices

As mentioned above, iOS requires that the device undergo an "enrollment" procedure with the Touch ID or Face ID service, prior to using the authentication hardware.

If the device has been enrolled with the identification service, then the procedure detailed above will work as described.

If the device has not yet been enrolled, the OS will not prompt the user to provide an authentication, and the Perfecto system will intercede and provide a prompt (see below) that can be identified either with Visual Analysis or as an object.

Special considerations for Android devices

On Android, Perfecto supports injecting fingerprints to apps using the legacy Finterprint API as well as the newer Biometric API (supporting API levels 28 and 29).

When testing apps using the legacy Fingerprint API, there is no need to physically enroll the device to fingerprint. However, to test apps using the Biometric API, the device must undergo a fingerprint enrollment procedure for fingerprint injection to work.

When injecting fingerprint authentication results to the app, the app behavior varies according to the API used:

  • For apps using the Fingerprint API, the normal app/OS authentication popups will appear.
  • For apps using the Biometric API level 29, due to technical reasons, a custom Perfecto popup is used to indicate that authentication is needed (and not the normal OS popup). When fingerprint injection fails, a text message indicates the result.
  • To test how the app responds when a user has been locked out, you can inject the error code explicitly by using the fingerprint injection command with the errorType parameter set to Lock Out. For more information, see Set fingerprint.

Known limitations

At this point, the command has the following limitations:

  • The feature is supported for:
    • All iOS versions supported by Perfecto
    • Android devices running version 6.0 and later
  • The feature is not supported for applications created with the Xamarin environment when using the Secure Keychain interface library.
  • The feature is designed to allow testing how an app responds to various authentication results and not to test how the OS behaves. It is not designed to test the mobile OS behavior. For example, each mobile OS may decide to lock the user out of subsequent authentication attempts after a certain number of failed attempts. However, when using this feature, authentication does not go through the OS itself. Therefore, the automatic OS behavior will not apply. To test how the app responds to a case where the user has been locked out, Perfecto supports injecting this error code explicitly using the fingerprint injection command.