On Oreo, biometrics can be used and stored only with a secure screen lock
With Android 8.0 Oreo, a big change is in order as far as biometrics on a Samsung device are concerned. Thanks to new compatibility rules implemented by Google in the latest version of Android, owners of Samsung devices will not be able to store their fingerprint, iris, or facial recognition data unless they use a secure screen lock such as a pattern, PIN, or password. Right now, if you switch back to an unsecured screen lock after adding your iris, face, or fingerprint, you can choose to keep and use biometrics inside Samsung Pay, Samsung Pass, and other apps and features that support them. With Oreo, that will not be possible.
Secure screen lock a must to keep biometric data on Oreo
The information comes from a document we have obtained, and indeed, we tested it out on a Galaxy S8+ running the Oreo beta and were able to confirm it. This doesn’t apply to those who are already using an insecure screen lock (‘swipe to unlock’, or the ‘none’ option that keeps the phone unlocked and skips the lock screen altogether) while having biometrics enabled for apps before they upgrade to Oreo. But switching back to an insecure screen lock on a device running Oreo after biometrics have been added will delete all biometric data. No option will be offered for keeping that data, as is the case on Nougat.
What does this mean? It means that should you want to use biometrics inside apps and features such as Samsung Pay or Samsung Pass, you must use a pattern or PIN to lock the device. It’s a good security measure, although it will be inconvenient for those of us who don’t prefer using biometrics to unlock their phone (yes, we do exist). Sadly, Samsung cannot skirt this rule as it is a part of the Android Compatibility Definition Document (CDD), which every manufacturer has to adhere to if it wants its devices to run Google’s apps and services.
The only way then, as mentioned above, is to make sure you have already set the screen lock type (in Settings » Lock screen and security) to swipe or none and saved your biometrics before you upgrade to Oreo. Thankfully, the Oreo update is still yet to arrive on any Samsung device, so you can go in prepared when the update hits. Well, unless you installed the Oreo beta on the Galaxy S8 or Galaxy S8+ without knowing about the new rule (which would be all of us), in which case you’re doomed to keeping your phone locked with a pattern, PIN, or password if you want to authenticate inside apps via iris, fingerprint, or facial recognition.
Are you among those users who keep their phone unlocked while using biometrics for other functionality? Tell us how you feel about the policy change on Android 8.0 Oreo.
Related: What’s New With Android 8.0 Oreo
11 Comments
Sign in »11
Leave a Reply
So I could not use my biometrics now because I don’t have a screen lock? No more biometrics unlocking for Secure Folder, No more biometrics for paying on the google play store, No more biometrics for using samsung pass, and lastly no more biometrics for using samsung pay because they’re disabled unless the user placed a screen lock. Samsung why? You’re all about options! Why forcing your users to do what you want. If I only knew upgrading my device to Oreo will be this headache, I should just stayed on Nougat. Bring it back Samsung, I thought your slogan… Read more »
Makes no difference Samsung are so slow with updates it’ll have changed by the time oreo reaches my S7 #sadbuttrue
From my experience this was implemented with nougat. Depending on the carrier (or unlocked) I suppose this may have had other options, I’ve had to remove my biometrics when changing between secure and insecure beyond android 6 on my S6 S7 Note7 S8 Note8 each have required me to have secure lock screen to use biometrics. I’ve loved Samsung Pay since my S6edge years ago, I’ve acutally abandoned root and (system level) mods to keep Knox fuse 0x0 and had this requirement ever since nougat to keep my finger/iris option installed.
This is Google’s move to further Google/Android Pay. Samsung’s position on this has been a hindrance to Google/Android Pay.
So, There isn’t any change at all unless you don’t use secure unlock which I assume just about everyone does. Those who prefer not to use bio-metrics should really think about the security of their devices. At least Google is trying to protect those dumb enough not to use it.
Tbh.. secure lockscreen should be mandatory
I don’t know a single person that uses it. Then again we don’t hang out around people we don’t trust. I use the fingerprint feature for payments.
There are actually quite a few people who don’t keep their phones locked with a password etc. And if you have the S8 or S8+ or Note 8, none of Samsung’s biometric security methods are as convenient as a front-facing fingerprint sensor, so coupling hard press home button to unlock with no password or biometrics equals quick access to the phone.
I have the Note8, and always use biometrics, it’s absolutely dumb not to. If and when you lose your phone you will realise it isn’t the smartest thing you’ve ever done……or not done, I should say.
Why is it dumb not to use biometrics in case the phone is lost or stolen? Unless you have prnos or unwanted stuff in your phone that you don’t want people to see that is.
Unfortunately, biometric or having a screen lock is a must but I owned a Galaxy S8 and none of its biometric position work for me. Totally a bummer. Unlike on my previous Galaxy S7e, its right on the home button.
I wonder why you calling these people who doesn’t use screen lock, dumb. I had screen lock for many years but I realize turning it off is way more convenient than aligning your face properly to use your irises or covering the entire reader with your finger because the fingerprint reader demands more time. I mean, what are you getting scared about? If you lost your phone, immediately access your phone through Googles’s Find My Phone feature to place a screenlock and a lockscreen message that it was a stolen phone. Or if you’re still not contented, the feature has… Read more »