An update for the Google Play Store is coming soon! Google is notifying Android users about a change related to how you verify purchases. This change aims to promote the use of fingerprint or facial recognition (biometric authentication) instead of passwords.
Now users have several questions: How does it work? Is it safe? But the biggest question is: should you turn it on or not? Get answers below.
When you use biometric verification on the Google Play Store, like your fingerprint or facial recognition, it's a quick and secure way to confirm your identity without needing to type in a password. Here is how it works step by step:
Setup. First, you need to set up the biometric feature on your device, it can be fingerprint or face recognition. This involves scanning your fingerprint or face to let your device recognize it in the future.
Using biometrics on Google Play. Once it’s set up, when you want to make a purchase or perform a secure action on the Google Play Store, you'll be prompted to use your fingerprint or face for verification.
Verification process. At this point, your device checks the fingerprint or face you provide against the one you've previously set up. This comparison happens locally on your device.
Completion. If the biometric data matches, the action is approved and you proceed with your purchase or action. If it doesn’t match, you'll be asked to try again or use an alternative verification method like a password.
Verification frequency. You can choose how often you want to verify your purchases with biometrics: always, every 30 minutes, or never.
Google offers this method since it's much faster than typing a password and adds an extra layer of security, since biometric data is unique to each person and hard to fake.
Google Play biometrics verification is designed to be secure against theft of your biometrics itself:
Device-based storage. Your biometric data (fingerprint, face scan) is stored securely on your device's hardware, not on Google's servers. This makes it much harder for hackers to steal it remotely even if they breach Google's systems.
Encryption. The biometric data is typically encrypted on your device using strong keys. Even if someone manages to access the raw data, it would be useless without the decryption key. In other words, imagine your fingerprint or face scan as a secret code used for Google Play purchases. Encryption scrambles this code on your device like a super-complex lock. Even if someone peeked at the scrambled code, they wouldn't be able to crack it without a special key. This key is also stored securely on your device, making it very difficult to steal your biometric information.
Can the government get access to my biometrics if I turn on Google Play biometric verification? No, as we said above, Google Play stores your fingerprint or face scan data securely on your device's hardware, not on Google's servers. This means government entities would need a warrant and physical access to your device to retrieve it.
Any face model or fingerprint that is saved on your device is considered biometric. Remember that your device's biometrics could be utilized for verification if they are stored there. Make sure you are comfortable with all of the biometrics stored on your device being used for verification if you share it and decide to utilize biometrics for verification.
If your device is lost or stolen and someone unlocks it (bypassing your screen lock), they could potentially use your biometrics to make purchases on Google Play. But keep in mind that this is a potential situation, it's difficult to replicate your biometrics.
While less likely, advanced hacking techniques or physical access to your device could theoretically compromise your biometrics.
Here are some steps you can take to further mitigate these risks:
Only share your device with trusted individuals.
Use a strong screen lock (PIN, fingerprint, or pattern) to make it harder for someone to access your device.
Keep your device's software updated for the latest security patches.
Consider disabling biometric verification if the risks outweigh the convenience for you.
Be wary of unfamiliar apps and avoid installing apps from untrusted sources, as they could contain malware designed to steal your data, including biometrics.
Google Play biometrics verification offers several benefits that can make your in-app purchases smoother and more secure:
Increased security. It is often more difficult to replicate biometrics, such as fingerprints and facial recognition, than passwords, making it less likely for someone else to authorize a purchase on your device without your knowledge.
Convenience. It is far quicker to use a fingerprint or face scan rather than a password each time you wish to make a purchase.
Reduced risk of accidental purchases. Biometric verification adds a confirmation step to prevent unintentional purchases, which is especially helpful for shared devices or those used by families with children.
Improved accessibility. For those who struggle with typing in or remembering passwords, biometrics may be more user-friendly.
Passwordless future compatibility. Google Play's biometric verification gets you ready for a more secure future as stronger authentication techniques replace passwords.
When compared to passwords, Google Play biometric verification provides a notable increase in security. But be mindful of the possible hazards, particularly when using shared devices. Be cautious while sharing a device that has biometric verification enabled and use a robust screen lock.