jglassenberg, Feb 19, 2019:

Note: I have attached a PDF as the PRD, but below is a forum-compatible copy, containing less detail.

Summary

The Android OS today offers to applications, as an added layer of security, to verify the user via fingerprint. With this experience, even if a user has full phone access, a banking app could prompt a user for their fingerprint to ensure once more that the owner is genuinely the one using the account (commonly known as “Step-up authentication”).

Being built into the OS, applications may utilize fingerprint easily. As long as the user has set up fingerprint check on Android one time, any app can verify a user’s fingerprint.

However, this service still has limitations:

- Convenience: the fingerprint scan still pauses the application, requires user interaction, and creates a negative experience.
- Security: fingerprints can still be hacked, and are not sufficient for security for many applications. Financial applications are especially concerned about this.

Fingerprints can be bypassed, and are still too inconvenient to users for apps to utilize frequently. A banking app may want to verify fingerprint not only at the initial launch of the app, but also when performing sensitive actions such as withdrawals a few minutes later. They choose convenience over security, refraining from another verification check.

Facial recognition is also offered on Android, which is regarded as more convenient and fast, but far, far less secure.

In the market today is software to provide a more convenient solution - something commonly called Silent Authentication. With this method, a user is verified by the way one holds a phone and moves the phone. Such verification can happen entirely in the background, without a user’s prompt. This is also found to provide a higher level of security than common means of authentication, such as fingerprint recognition or passcodes.
Today, despite the software being proven to work, it has not been adopted and is difficult for app developers to use. However, OnePlus can “one up” iOS and other Android devices by being the first to offer this at the OS layer, right in OxygenOS.

From this: To This: (A simple, interaction free modal, or no modal at all).

Objectives

- Improve user experience and security for OnePlus users
- Give application developers a reason to build specially for OnePlus devices
- Position OxygenOS as a stand-out operating system, ahead of all other devices in security and usability.

Success Metrics

- Number of users enablement of Silent Authentication feature in OxygenOS
- Number of applications adopting Silent Authentication APIs
- Number of instances of user enablement for Silent Authentication among integrated applications
- NPS for users of Silent Authentication
  - For OxygenOS in general
  - Segmented to individual applications - is NPS increased for users of specific apps when Silent Authentication is adopted?
- Reduction in cybersecurity incidents for OxygenOS users
  - Possible benchmark of cybersecurity incidents for OxygenOS users of specific apps compared to other OSs.

Personas

1. Name: Casual Consumer
   Details: Plays casual games, but still uses one’s phone for email, Instagram, and Venmo payments.
   Goals: I really hate entering passwords, pins, etc, but if my phone is stolen, I’d like Instagram, Venmo, and my regular banking app safe.

2. Name: Business Professional
   Details: Uses device for both personal and business use. Has highly sensitive content accessible on one’s mobile device.
   Goals: I prioritize security over ease of use, but have a lot of content I need to keep secure. It would be nice to avoid Pins and passcodes as much as possible.

3. Name: High-Asset Financial Customer
   Details: Uses device for email, family, and banking. For banking, if the device is compromised, millions of dollars is at risk.
   Goals: I reluctantly prioritize security over ease of use. It’s been annoying, but I understand the risks. It would be great to see more security than facial recognition, and to have that kind of easy experience.

4. Name: Android App Developer
   Details: Managing code for an application containing a user’s personal content. I have to ensure security, but don’t want users also bothered by the experience.
   Goals: I don’t want a security scandal. I want my users’ content to be safe. But I don’t want to lose users to competitors just because they’re easier to use [cough - less secure - cough]

User Scenarios

As a casual consumer, I prefer that my phone be as easy to use as possible. I care about security, especially after recent password hacks, but I don’t want to struggle with passwords and security checks all the time. Being able to log into an app with my fingerprint is OK, but it’s a bit burdensome - especially if I find myself doing this for the same app over and over again in just a few minutes. The less I need to go through passwords, or even fingerprints, the better.

As an Android App Developer, I want to verify that the user of my application is the device owner who first connected my account. I’d like to check this when the app launches, and also when the user performs account withdrawals. It may make sense to verify the user whenever the app loses focus and returns (Robinhood does this). However, I know that asking the user to login when first launching the app is already a burden, and only gets worse if users have to login all the time. I’d like to avoid these extra security checks for users, but at the same time, I can’t sacrifice security. Fingerprint scanning is a better option than passcodes, and I’m glad to use this in the OS, but it’s still not something I can apply as frequently as I’d like, due to the burden on the user. If I can trigger a security check just as easily as Fingerprint, but let it run in the background, I could run this more often, and ditch any extra login requests for my users.
User Stories

More stories and details are provided in the attached PDF.

- Story: As a Casual Consumer, I’d like to enable Silent Authentication on my device when first setting up my phone so that applications can use this for authorization.
- Story: As a Casual Consumer, I’d like to manage my Silent Authentication settings, so that I have control as I would for other security settings on my phone.
- Story: As a consumer, I’ll be notified that Silent Authentication will take time to set up, so that I understand to wait at least a few hours before this can work for me.
- Story: As a Casual Consumer, I’d like to authorize an app for Silent Authentication, so that I can use it without interruption going forward.
- Story: As a Casual Consumer, I’d like to launch an app without seeing extra security checks, so that I can go into my app without extra effort.
- Story: As a Consumer, I may not need to see that the authentication flow is occurring in the background, so that I can continue what I’m doing, and only be notified by the app if authentication failed.
- Story: As a Consumer, I can see a simple warning that silent authentication failed so that I can respond accordingly.
- Story: As a Developer, I want to request access to Silent Authentication, so that I can verify my user’s authenticity with minimal interruption.
- Story: As a Developer, I can specify whether an Authentication modal is displayed, so that I can utilize a default UI rather than my own for the process.
- Story: As a Developer, I can receive an event to handle in my code with authentication results, so that I can proceed or stop a flow as needed.

Wireframes

Technical Requirements

- Manifest definition of a Silent Authentication permission
- OS API to check whether the permission was granted
- OS API to request permission
- OS API to initiate silent authentication
  - Verify that silent auth is enabled.
  - StartAuth function
  - OnAuthenticationSuccess event handler
  - OnAuthenticationFailed event handler
  - (Compare to fingerprint auth)
- Integration with SDK for silent authentication at the OS level.