The usage of biometric sensors, such as Touch ID or fingerprint authentication, to elevate the security of mobile applications has been proliferating significantly. A key factor in this trend is the convenience and simplicity offered to the end user via onboard sensors. Users and brands are benefitting from increased sense of security in user flows: initially, biometrics were perceived as a credential-form replacement at the login stage. However, nowadays, in-app transactions such as purchases (games, retail), money transfers (banking) and key sensitive transactions are increasingly confirmed with users’ biometric identification.
“Adding Touch ID to our mobile banking app makes it even easier and more convenient for customers to manage their finances on the move and directly responds to their requests,” says Stuart Haire, managing director, RBS and NatWest Direct Bank. (Source)
Figure 1: Just five days after the launch of Touch ID, 72% of all capable iOS logins were via Touch ID. App reviews went up from three to four stars on the Apple App Store with the release of the update and there were over 8,000 Twitter references to RBS and NatWest (Source)
Organizations offering fingerprint authentication in their app face new challenges to maintain app quality:
- New use cases need to be tested. For example, completing the purchase of an item in the cart. While in the past this step did not have re-authentication associated with it, now it does. The test flow needs to include a successful authentication,an unsuccessful one with limited retries, and eventual failure.
- With the new use cases, comes the issue of fitting those new cases into a limited time frame: we want to run a smoke test within minutes of code commit, run these test cases as part of the nightly regression test, etc.
Figure 2: fingerprint authentication drives test case growth
It is estimated the increase in test cases with the new fingerprint authentication is between 10%-30%. Clearly, manual testing is not the right answer for these challenges. While there are no great open source solutions to this challenge, Perfecto is offering our own solution to enable fingerprint authentication both in interactive testing as well as in automation.
To enable this solution in the cloud, the application needs to be instrumented to enable fingerprint authentication.
Figure 3: Controlling fingerprint status in interactive mode
Once enabled, sending a successful/unsuccessful authentication to the application in interactive mode is easy.
In automation, using Perfecto’s command to send a successful/unsuccessful authentication to the application is easy as well.
Actual command to drive:
Here’s a video showing fingerprint authentication in action:
To summarize, Touch ID and fingerprint authentication is benefitting users and application vendors, and Perfecto is now offering testing capabilities to validate correct application behavior with this functionality. To read more, click here.