askvity

How is fingerprint data stored in Android?

Published in Android Security 3 mins read

Android stores fingerprint data as an encrypted template on the file system, and all processing of that data happens inside the Trusted Execution Environment (TEE), an isolated area of the processor. Here's a breakdown:

Secure Storage of Fingerprint Data

Android devices do not store raw fingerprint images. Instead, they use a mathematical representation of unique fingerprint features, known as a template. This template is encrypted and then stored.

Key Principles of Storage

  • Trusted Execution Environment (TEE): The entire process of fingerprint acquisition, enrollment, and recognition takes place inside the TEE. This is a secure area of the processor, isolated from the main operating system.
  • Encrypted Storage: Only the encrypted fingerprint template is stored on the file system. This ensures that even if someone gains access to the device's storage, the fingerprint data remains protected.
  • Device-Specific Key: Fingerprint templates are signed using a private, device-specific key. This adds another layer of security, preventing the templates from being used on other devices.

Storage Process Explained

  1. Acquisition: When you enroll your fingerprint, the sensor captures an image of your fingerprint.
  2. Feature Extraction: The TEE extracts unique features from the image to create a fingerprint template.
  3. Encryption and Signing: This template is encrypted and signed with a device-specific private key within the TEE.
  4. Storage: The encrypted and signed template is stored on the device’s file system.
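Steps 3 and 4 can be simulated to show why a stored template is useless off the device. This is an added example, not Android or TEE code. Assumptions: HMAC-SHA256 stands in for the device-key signature, a SHA-256 counter-mode keystream stands in for the TEE's cipher, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

def _subkey(device_key, label):
    # Separate encryption and signing keys derived from the device-specific key.
    return hmac.new(device_key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # Stand-in cipher (SHA-256 in counter mode) so the example needs no AES library.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _sign(device_key, data):
    return hmac.new(_subkey(device_key, b"sig"), data, hashlib.sha256).digest()

def seal_template(device_key, template):
    """Step 3: encrypt, then sign. The returned blob is what step 4 writes to disk."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(device_key, b"enc"), nonce, len(template))
    ciphertext = bytes(a ^ b for a, b in zip(template, ks))
    return nonce + ciphertext + _sign(device_key, nonce + ciphertext)

def open_template(device_key, blob):
    """Return the template, or None if the blob is modified or from another device."""
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag at minimum
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sign(device_key, nonce + ciphertext)):
        return None  # signature is checked before the ciphertext is decrypted
    ks = _keystream(_subkey(device_key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))

def demo():
    device_a, device_b = os.urandom(32), os.urandom(32)  # constructed device keys
    template = b"constructed-minutiae-feature-vector"     # constructed sample template
    blob = seal_template(device_a, template)
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return {
        "same_device": open_template(device_a, blob) == template,
        "other_device": open_template(device_b, blob),   # blob copied to another device
        "tampered": open_template(device_a, tampered),   # one ciphertext bit flipped
        "plaintext_in_blob": template in blob,
    }

if __name__ == "__main__":
    print(demo())
```
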

Table: Fingerprint Data Storage in Android

| Stage | Location | Data Type | Security Measures |
|---|---|---|---|
| Acquisition & Processing | Trusted Execution Env. (TEE) | Raw fingerprint image | Isolated environment; secure processing |
| Template Creation | Trusted Execution Env. (TEE) | Mathematical representation | Generated within the TEE |
| Encryption & Signing | Trusted Execution Env. (TEE) | Encrypted fingerprint template | Device-specific private key; encryption |
| Storage on File System | File system | Encrypted signed template | Encrypted; signed template; not usable outside the device |

Practical Implications

  • No Raw Image: Because only a template is stored, it's not possible to reconstruct the original fingerprint image from the stored data.
  • Device-Specific: The device-specific key means a fingerprint template is not transferable to other devices, reducing risk if one device is compromised.
  • Enhanced Security: The use of the TEE means fingerprint data is never exposed to the potentially vulnerable Android OS directly.

In summary, Android processes and encrypts fingerprint data inside the Trusted Execution Environment (TEE), signs it there with a device-specific key, and stores only the encrypted form on the file system. This approach safeguards sensitive biometric information and is based on the following reference: "Fingerprint acquisition, enrollment, and recognition must occur inside the TEE. Only the encrypted form of the fingerprint data can be stored on the file system, even if the file system itself is encrypted. Fingerprint templates must be signed with a private, device-specific key." (26-Aug-2024)
