On Oreo, biometrics can be used and stored only with a secure screen lock
With Android 8.0 Oreo, a big change is in order as far as biometrics on a Samsung device are concerned. Thanks to new compatibility rules implemented by Google in the latest version of Android, owners of Samsung devices will not be able to store their fingerprint, iris, or facial recognition data unless they use a secure screen lock such as a pattern, PIN, or password. Right now, if you switch back to an unsecured screen lock after adding your iris, face, or fingerprint, you can choose to keep and use biometrics inside Samsung Pay, Samsung Pass, and other apps and features that support them. With Oreo, that will not be possible.
Secure screen lock a must to keep biometric data on Oreo
The information comes from a document we have obtained, and indeed, we tested it out on a Galaxy S8+ running the Oreo beta and were able to confirm it. This doesn’t apply to those who are already using an insecure screen lock (‘swipe to unlock’, or the ‘none’ option that keeps the phone unlocked and skips the lock screen altogether) while having biometrics enabled for apps before they upgrade to Oreo. But switching back to an insecure screen lock on a device running Oreo after biometrics have been added will delete all biometric data. No option will be offered for keeping that data, as is the case on Nougat.
What does this mean? It means that should you want to use biometrics inside apps and features such as Samsung Pay or Samsung Pass, you must use a pattern or PIN to lock the device. It’s a good security measure, although it will be inconvenient for those of us who don’t prefer using biometrics to unlock their phone (yes, we do exist). Sadly, Samsung cannot skirt this rule as it is a part of the Android Compatibility Definition Document (CDD), which every manufacturer has to adhere to if it wants its devices to run Google’s apps and services.
The only way then, as mentioned above, is to make sure you have already set the screen lock type (in Settings » Lock screen and security) to swipe or none and saved your biometrics before you upgrade to Oreo. Thankfully, the Oreo update is still yet to arrive on any Samsung device, so you can go in prepared when the update hits. Well, unless you installed the Oreo beta on the Galaxy S8 or Galaxy S8+ without knowing about the new rule (which would be all of us), in which case you’re doomed to keeping your phone locked with a pattern, PIN, or password if you want to authenticate inside apps via iris, fingerprint, or facial recognition.
Are you among those users who keep their phone unlocked while using biometrics for other functionality? Tell us how you feel about the policy change on Android 8.0 Oreo.
Related: What’s New With Android 8.0 OreoJoin the Discussion