On Oreo, biometrics can be used and stored only with a secure screen lock

Home / News / On Oreo, biometrics can be used and stored only with a secure screen lock

With Android 8.0 Oreo, a big change is in order as far as biometrics on a Samsung device are concerned. Thanks to new compatibility rules implemented by Google in the latest version of Android, owners of Samsung devices will not be able to store their fingerprint, iris, or facial recognition data unless they use a secure screen lock such as a pattern, PIN, or password. Right now, if you switch back to an unsecured screen lock after adding your iris, face, or fingerprint, you can choose to keep and use biometrics inside Samsung Pay, Samsung Pass, and other apps and features that support them. With Oreo, that will not be possible.

Secure screen lock a must to keep biometric data on Oreo

The information comes from a document we have obtained, and indeed, we tested it out on a Galaxy S8+ running the Oreo beta and were able to confirm it. This doesn’t apply to those who are already using an insecure screen lock (‘swipe to unlock’, or the ‘none’ option that keeps the phone unlocked and skips the lock screen altogether) while having biometrics enabled for apps before they upgrade to Oreo. But switching back to an insecure screen lock on a device running Oreo after biometrics have been added will delete all biometric data. No option will be offered for keeping that data, as is the case on Nougat.

What does this mean? It means that should you want to use biometrics inside apps and features such as Samsung Pay or Samsung Pass, you must use a pattern or PIN to lock the device. It’s a good security measure, although it will be inconvenient for those of us who don’t prefer using biometrics to unlock their phone (yes, we do exist). Sadly, Samsung cannot skirt this rule as it is a part of the Android Compatibility Definition Document (CDD), which every manufacturer has to adhere to if it wants its devices to run Google’s apps and services.

The only way then, as mentioned above, is to make sure you have already set the screen lock type (in Settings » Lock screen and security) to swipe or none and saved your biometrics before you upgrade to Oreo. Thankfully, the Oreo update is still yet to arrive on any Samsung device, so you can go in prepared when the update hits. Well, unless you installed the Oreo beta on the Galaxy S8 or Galaxy S8+ without knowing about the new rule (which would be all of us), in which case you’re doomed to keeping your phone locked with a pattern, PIN, or password if you want to authenticate inside apps via iris, fingerprint, or facial recognition.

Are you among those users who keep their phone unlocked while using biometrics for other functionality? Tell us how you feel about the policy change on Android 8.0 Oreo.

Related: What’s New With Android 8.0 Oreo

Phones 8
Related newsLatest news
8 Comments

Leave a Reply

15 days 22 hours ago
John Luttrell

Makes no difference Samsung are so slow with updates it’ll have changed by the time oreo reaches my S7 #sadbuttrue

A2theC
16 days 5 hours ago
A2theC

From my experience this was implemented with nougat. Depending on the carrier (or unlocked) I suppose this may have had other options, I’ve had to remove my biometrics when changing between secure and insecure beyond android 6 on my S6 S7 Note7 S8 Note8 each have required me to have secure lock screen to use biometrics. I’ve loved Samsung Pay since my S6edge years ago, I’ve acutally abandoned root and (system level) mods to keep Knox fuse 0x0 and had this requirement ever since nougat to keep my finger/iris option installed.

dudeman456
16 days 16 hours ago
dudeman456

This is Google’s move to further Google/Android Pay. Samsung’s position on this has been a hindrance to Google/Android Pay.

Biransahin
16 days 21 hours ago
Biransahin

So, There isn’t any change at all unless you don’t use secure unlock which I assume just about everyone does. Those who prefer not to use bio-metrics should really think about the security of their devices. At least Google is trying to protect those dumb enough not to use it.

dudeman456
16 days 16 hours ago
dudeman456

I don’t know a single person that uses it. Then again we don’t hang out around people we don’t trust. I use the fingerprint feature for payments.

siddhant11911
16 days 19 hours ago
siddhant11911

Tbh.. secure lockscreen should be mandatory

Top