How to Test Smartphone Biometrics

  May 17, 2023

Smartphones have advanced greatly since their introduction in the 2000s. From faster GPUs for gaming to advanced instrumentation, these devices are now more computer than phone. Given the limitations of simulators and the complexity of real devices, they've also become a challenge for app developers to test.

Biometric authentication, a fast-growing smartphone technology, introduced testing challenges. While simulators and emulators provide some biometric testing methods and capabilities, development teams wishing to run tests on real devices often encounter problems automating biometric authentication processes.

In this article, you'll learn why biometric tests matter, the challenges with testing biometrics, and how BitBar makes biometric testing across a range of devices easier.

Why Biometrics Matter

Biometric authentication uses fingerprint readers, facial recognition, voice recognition, or other techniques to verify a user’s identity. These capabilities may be an addition to or a replacement for traditional username and password authentication techniques. But increasingly, it's a replacement that's both secure and convenient for users.

About 245 million Americans use biometric technology on their smartphones, with 70% using fingerprint scanning, 15% using voice recognition, and 13% using facial recognition. In aggregate, the global biometrics market projects it will reach $83 billion by 2027, driven by growth in voice recognition and other non-fingerprint areas.

The most popular biometric use cases include:

  • Device Log-in - Nearly half of Americans unlock their smartphones using biometric technologies, such as fingerprints or facial recognition – and that number is only growing.
  • Mobile App Sign-in - Many mobile apps leverage iOS or Android biometric capabilities to facilitate sign-in processes without usernames or passwords.
  • Mobile Banking - Many banks leverage voice recognition technology to verify a customer's phone call, adding an extra layer of security.
  • Healthcare - Some hospitals have integrated biometrics into emergency departments to identify patients quickly. Meanwhile, others may use it to verify identity for prescriptions.

Developers must familiarize themselves with biometric authentication and associated testing processes as these use cases expand.

Biometric Testing Challenges

Biometric authentication adds a layer of complexity to mobile app testing efforts, making some QA efforts more of a challenge. For example, test engineers must ensure both "happy" and "sad" paths produce the correct results and messages. And they may need to support multiple forms of biometric authentication, such as fingerprint or face ID.

Simulators & Emulators

Not surprisingly, simulators and emulators don't support actual biometrics since there's no physical device. However, many simulators enable testers to simulate a matching or non-matching face or fingerprint for testing purposes. For example, iOS Simulator has the option under "Simulator > Features > Face ID," where you can set a positive or negative value.

Appium and other testing tools simplify automating biometric testing within test scripts. Here's an example of an Appium iOS test written in JavaScript testing a FaceID authentication button:

const faceIDButton = await driver.elementByAccessibilityId('faceIDButton'); 

await faceIDButton.click(); 

await driver.execute('mobile: performBiometricAuthentication', { 

    biometricType: 'faceId',  

    options: { success: true } 

} 

These capabilities make it easy to test "happy" and "sad" paths by setting the success option to "true" or "false" (in this example). But simulators and emulators have significant testing limitations.

Physical Devices

Many development teams leverage physical devices to facilitate more accurate tests. For example, simulators and emulators don't accurately represent real-life cellular network behavior, device hardware (CPU/GPU), or other capabilities. Ultimately, real devices are the best way to understand the user experience in production.

Unfortunately, unlike simulators, there's no built-in way to automate biometric authentication on an actual device. For example, Appium only supports biometric authentication on virtual devices, such as iOS simulators or Android emulators, creating a fundamental limitation. As a result, many teams use manual tests to verify biometrics.

BitBar Solves These Problems

BitBar provides a single cloud platform for all device testing requirements. Rather than building and maintaining a device lab, you can securely test your web, native, or hybrid apps across real environments. Moreover, BitBar provides a helpful API enabling easy integration with Appium and CI/CD tools you already use.

BitBar dashboard

BitBar makes it easy to test mobile apps across various devices and configurations.

The biometrics instrumentation that BitBar provides enables you to automate biometric identity authentication across real devices. These include client-side tests and server-side tests using Appium. When creating an automated test, simply toggle the biometrics option to "enabled." Then, you can use relevant APIs and methods in your tests.

For Android devices, BitBar supports the following APIs:

  • BiometricPrompt
  • BiometricManager
  • FingerprintManager

For iOS devices, the platform supports these instance methods:

  • evaluatePolicy:localizedReason:reply:
  • canEvaluatePolicy:error:

But note that you cannot use code obfuscation techniques with biometrics.

In addition, you can leverage biometric authentication in live cloud-based tests, where a dialog box appears, allowing you to choose whether you want the biometric authentication to pass or fail for testing purposes. That way, you can confirm functionality across various devices and configurations rather than relying exclusively on simulators.

Of course, there are several other reasons to consider BitBar as well:

  • Integrations – BitBar supports Appium and any native mobile test automation framework in all languages. Moreover, you can bring your Docker or VM-contained mobile app frameworks and local tests to our device cloud. And our open API makes it easy to integrate with any CI/CD framework or custom tools.
  • Parallel Testing – The BitBar device cloud makes running mobile tests in parallel on real devices easy, helping speed up your test suite and cut down your execution time. You can set up unlimited users with unlimited testing minutes, making it possible to run your test suite in minutes rather than hours.
  • Extensive Library – BitBar provides access to more than 200 device models with hundreds of configurations, ranging from OS version to browser to screen size. That way, you can test using settings that accurately reflect your user base.

The Bottom Line

Biometric authentication has become increasingly common within mobile apps, but unfortunately, it can be challenging to test. Testing biometric capabilities on real devices isn't possible using vanilla Appium. Development teams choose BitBar to create more accurate cloud-based tests with biometrics support – and yours should too.