How to Test Biometric Authentication With Appium

Biometric authentication has become an essential feature in all mobile phones today. It helps in identifying a person using their biometrics such as fingerprints, facial recognition or retina scans to sign in to the mobile application or validate the financial transactions from their mobile phones, thus providing a high-quality mobile user experience.

In this blog, we will learn about how to test biometric authentication with Appium on a real device cloud like LambdaTest. We will also take a look at enabling biometrics in emulators and run the automation tests locally on it using Appium.

Importance of Testing Biometric Authentication

As per the Precedence Research, the global biometrics market size is estimated to hit around USD 267.05 billion by 2033. It was estimated at USD 41.58 billion in 2023. This market size is estimated to grow with a double-digit CAGR of 20.44% from 2024 to 2033.

Biometric authentication, like fingerprint and face ID, is expected to play a key role in mobile applications, requiring thorough testing.

Here are some of the basic aspects of testing biometrics:

• Functional and security validation of the biometric

This ensures that the biometric data belongs to the person claiming to be. Testing also verifies that the authentication process doesn’t approve access if someone else’s biometric data is used.

• Compatibility testing of biometric-driven mobile applications

Compatibility testing of biometric driven mobile applications makes sure that the mobile application with biometric function works seamlessly across different mobile devices. It also ensures that the application works fine on other platforms, such as iOS, Android, etc.

• Checking multi-app interactions with biometrics

It’s crucial to test biometric authentication under real-time interruptions like phone calls or notifications. The system should still authenticate the user successfully, even if a fingerprint scan is interrupted.

• Enhanced user experience

Modern mobile phones use Fingerprint and Face ID authentication for easy unlocking. Testing biometrics enhances user experience by enabling quick access with a single touch or face scan, eliminating the need for passwords.

Where to Test Biometric Authentication?

Almost all of the popular and latest mobile devices support biometric authentication as a security feature for their users. However, when it comes to testing such critical features, software testing teams face multiple challenges, which are listed below.

• Testing on physical mobile devices

While physical mobile devices provide much more accurate testing results, testing on physical devices incurs additional costs as it requires purchasing multiple devices for performing cross-device testing.

• Testing on emulators and simulators

Though Android emulators and iOS simulators provide the option to emulate biometric authentication, they lack actual biometric support. When the tests are run on an emulator/simulator, a demo biometric authentication is used, as it is hard to mimic the data of the real-world user.

• Testing on real device cloud

Cloud platforms provide a better solution for mobile app testing. They provide a variety of different Android and iOS real mobile devices on demand. The tests could be run manually or using automation, thus helping the software teams to deliver quality mobile applications to the market on time.

How to Test Biometric Authentication With Appium on Real Devices?

Testing biometric authentication with Appium on a real device cloud helps testers automate biometric tests, such as fingerprint and Face ID, to validate seamless user authentication in real-world scenarios.

Appium exposes the fingerprint() method from the AuthenticatesByFinger interface

for stimulating the action of performing fingerprint authentication. This method internally calls the “mobile: fingerprint” command that helps in performing the fingerprint authentication.

Using this method, fingerprint authentication tests could be automated, relieving the software teams from performing biometric authentication tests manually.

In this section, we will be using the LambdaTest real device cloud to test biometric authentication with Appium. LambdaTest is an AI-driven cloud testing platform that helps you test mobile apps using Appium on real devices for Android and iOS.

Test Scenario 1 – Successful fingerprint authentication

Upload the Instrumentation App by LambdaTest on the LambdaTest cloud platform. Open the Instrumentation App on Samsung Galaxy S23 (Android version 13) real mobile device on the LambdaTest cloud platform. On the Homepage of the app, click on the BIOMETRIC/FINGERPRINT button. Perform successful fingerprint authentication using LambdaTest biometric injection. Assert the toast message text “Success” after the fingerprint is validated successfully.

Test Scenario 2 – Failed fingerprint authentication

Upload the Instrumentation App by LambdaTest on the LambdaTest cloud platform. Open the Instrumentation App on Samsung Galaxy S23(Android version 13) real mobile device on the LambdaTest cloud platform. On the Homepage of the app, click on the BIOMETRIC/FINGERPRINT button. Fail the fingerprint authentication using LambdaTest biometric injection. Assert the toast message text “Authentication Failed” after the fingerprint authentication fails.

Before we get started with writing automated tests to perform biometric authentication with Appium on the LambdaTest cloud platform, there are a few prerequisites that need to be taken care of.

Uploading the App

The first thing you need to do is to upload the mobile app on the cloud platform.

Step 1: Log in to the LambdaTest platform and navigate to Real Device >> App Testing.

Step 2: Select the platform for which the mobile app needs to be uploaded. Here, we will select the Android platform as we need to perform testing on the Android mobile application.

Step 3: Click on the Upload button and select the required Android app to upload. Once the mobile app is uploaded successfully, a message will appear at the top of the website.

Step 4: Enable the biometric authentication for the mobile app by clicking on the setting gear button displayed on the right side of the app name. The Biometric Authentication option is disabled by default, which can be enabled by switching ON the toggle.

Step 5: After the Biometric Authentication toggle is switched ON, click on the Save Changes button.

Setting Up the Project

Let’s create a new Maven project and update the dependencies for Appium and TestNG in it.

Maven is a build tool that helps in easily maintaining the versions of the dependencies and auto-downloading of the required jar as updated in the pom.xml file. TestNG is a test runner framework that helps in running automated tests..

Configuring the Android Driver

Let’s first create a new Java class file named AndroidDriverManager.java. This file will have all the configuration-related methods that will help in running the automated tests on the LambdaTest platform.

Code Walkthrough

There are mandatory capabilities that need to be provided in the configuration for running the tests on the LambdaTest Cloud platform. LamdaTest Username, Access Key, and Grid URL are some of the values that need to be supplied in the configuration.

As the Username and Access Key are secret values, we will be supplying these values using environment variables considering the best practice that the secret values should not be hard coded in the code.

The next important capabilities for this demo are “app” and “enableBiometricsAuthentication”.

The “app” capability requires the app id, which is received after the mobile application is uploaded to the LambdaTest cloud grid.

There are two ways to upload the mobile application on a real device.

• Using the LambdaTest API
• Using the LambdaTest website

The “enableBiometricAuthentication” capability helps in simulating the biometric authentication with Appium during real-time app testing and hence needs to be set to “true” to enable it.

Other capabilities such as device name, platform, and platform version. Application path, etc., can be easily set using the LambdaTest Capabilities Generator, which is a UI-based configuration setter.

A user can accordingly select the required capabilities from the UI, and the website automatically generates the code for it, which can be directly copy-pasted into the tests, making the tester’s life easy.

The ltOptions() method in the AndroidDriverManager class returns a HashMap of all the required capabilities, such as platform name, platform version, device name, app path, etc.

The following are the important capabilities that are required for testing biometric authentication with Appium on real mobile devices.

We will be running the tests on the Samsung Galaxy S23 real mobile, which has Android version 13. All these respective capabilities will be set in the ltOptions() method. The values from this ltOptions() method, which returns HashMap, are consumed by the setCapabilties() method, which returns the object of DesiredCapabilities class.

Finally, these capabilities are used while instantiating the Android driver in the createAndroidDriverInCloud() method.

As discussed in the earlier section, the LambdaTest Username and Access Key are provided using the environment variables (LT_USERNAME and LT_ACCESS_KEY). The Grid URL helps in running the tests on the cloud. It will connect to the Appium session running on the cloud using this URL. Finally, the AndroidDriver is instantiated using the LambdaTest Username, Access Key, Grid URL, and the desired capabilities.

Once the AndroidDriver session is created, the setupDriverTimeouts() method is called, which will make the AndroidDriver wait implicitly for 5 seconds.

The instance of the AndroidDriver will be returned using the getAndroidDriver() method, which will help us while creating Page Objects for calling different Appium methods.

The quitDriver() method will be used for quitting the AndroidDriver session. This completes the configuration and set up required for running the mobile automation tests. Now, let’s delve into writing the automated tests for the scenarios we discussed earlier.

Writing the Tests

Let’s first create a new class named BaseTest.java that will help us write a more robust test by removing the duplicate code. This class will basically contain the code for starting a new AndroidDriver session and quitting it and will be extended by the actual test classes.

The BaseTest class has two methods: setup() and tearDown(). The setup() method instantiates the AndroidDriverManager class and creates a new AndroidDriver session, which will help in running the automated tests on the LambdaTest cloud platform.

Once all the tests are run successfully, the quitDriver() method is called which will close the driver.

Implementation: Test Scenario 1

In the first test, we will be performing successful biometric authentication with Appium on the Instrumentation App by LambdaTest, using the Lambda hook. The Lambda hook for biometric authentication allows the user to implement the pass or fail conditions using the automation scripts.

Once the fingerprint authentication is successful, the assertion will be performed to check the text of the toast message.

Let’s create a new test class named BiometricAuthTests.java. This class will extend the BaseTest class. A new method testSuccessfulBiometricAuthenticationUsingLambdaTest() is created in the class.

The first line of the test method instantiates the HomePage class, which houses all the WebElements of the Instrumentation mobile application’s Homepage. The HomePage class is created as a part of the Page Object Model design pattern as it helps in the readability and maintainability of the code.

The biometricBtn() method returns the WebElement of the BIOMETRIC/FINGERPRINT button using the id locator. Next, to perform the successful biometric authentication with Appium, we need to execute the command – lambda-biometric-injection=pass.

This command will be executed using the performSuccessBioMetricAuthenticationOnRealDevice() method, which will first click on the Biometric button on the Homepage and then validate the biometric authentication with Appium using the command provided.

Finally, the text “Success” will be captured using the getMessageText() method, which will return the text in String format.

The assertEquals() method from TestNG is used in the test, which performs the assertion to check the text returned using the getMessageText() method, which should be “Success”.

Implementation: Test Scenario 2

In this second test, we will be performing failed biometric authentication with Appium on the Instrumentation App by LambdaTest, using the biometric injection. The text of the toast message – “Authentication Failed” will be asserted to verify that the failure happened as expected.

A new test method testFailedBiometricAuthenticationUsingLambdaTest() is created within the same BiometricAuthTests class.

The implementation of test scenario 2 is almost the same as test scenario 1, where the HomePage class is instantiated first, and then the performFailedBiometricAuthenticationOnRealDevice() method is called, which fails the authentication.

The performFailedBioMetricAuthenticationOnRealDevice() method clicks on the BIOMETRIC/FINGERPRINT button on the Homepage of the mobile app. Next, the command lambda-biometric-injection=fail is executed using the executeScript() method, which will eventually fail the biometric authentication.

Finally, the assertion is performed to check that the toast message returns the text “Authentication Failed”.

Executing the Tests

The following testng.xml file is created to perform the test execution. This file needs to be placed in the root folder of the project. It will execute the tests one by one in the following order:

• testSuccessfulBiometricAuthenticationUsingLambdaTest
• testFailedBiometricAuthenticationUsingLambdaTest

To execute the test, we need to right-click on the testng.xml file and select the option Run ‘…/testng.xml’.

The following screenshot shows the test execution of both of the test scenarios executed using IntelliJ IDE.

The results of the test execution can be viewed on the LambdaTest Dashboard by logging in to its website. The Dashboard shows details of the test run, such as the platform name, its version, device name, test name, duration, and status.

More granular details of the test can be viewed on the LambdaTest build details screen, which can be viewed by clicking on the test name on the LambdaTest Dashboard screen.

The LambdaTest build details screen shows detailed insights such as Test Logs, Network Logs, Appium Logs, Device Logs, etc. It also provides us with a video recording of the test execution.

How to Test Biometric Authentication With Appium on Emulators?

Emulators represent all the features that real Android devices have. Fingerprint authentication is one such feature and it comes along in the Android emulators as well. It is recommended to test the biometric authentication feature on real devices, as they ensure that the feature works fine from the security point of view as well.

However, in the absence of real devices, Android emulators could be used. However, we need to make sure that we select the emulator that has the fingerprint authentication feature available in it.

Enabling Biometric/Fingerprint Authentication on Emulators

Let’s create a new Android Emulator using “Pixel 7” with Android version 13 using the following steps:

Step 1: Start Android Studio and open the Virtual Device Manager.

Step 2: Click the Create Device button on the Device Manager screen.

Step 3: Select the device definition, i.e., “Pixel 7” and click on the Next button to continue selecting the image (Android version).

Step 4: Select the system image, basically the Android version that needs to be set to run the emulator. Select “Tiramisu” , which is the Android 13 version.

Step 5: Verify the configuration that was selected for creating the emulator. By default, Android Studio already provides the name of the emulator that can be used.

Step 6: Click the Finish button to create the AVD (Android Virtual Device). The newly created emulator can be found on the Device Manager screen as shown in the screen below.

Step 7: Click the Play button displayed beside the emulator name to start the respective emulator. The Android emulator will get started successfully and we should be able to see the virtual mobile device appearing on the screen.

Now, we are all set with the emulator and can now enable fingerprint authentication in it.

Step 8: Open the Settings app in the emulator. In Settings, search for “fingerprint”.

Step 9: Select the option “Pixel Imprint”. On selecting the “Pixel Imprint” option, the emulator will ask to choose the screen lock, let’s select the option “PIN” here.

Step 10: Enter a number of our choice to set the PIN. I will be setting the PIN to “1234”. Click the Next button to move to the next screen. On the next screen, re-enter the same PIN digits and click the Confirm button. Next, it will ask what needs to be displayed on the lock screen.

Step 11: Select the default option and click the Done button to move to the next screen, where it will allow us to set the fingerprint.

Step 12: Click the I Agree button; it will take us to the next screen, where we will be able to set the fingerprint.

Step 13: As we are using the Android emulator, we will be entering the following adb command using the terminal. It will help us with setting the fingerprint.

The number “1” in the command above can be replaced by the number from “1” to “10”; however, we need to make sure that whatever finger number we set for the fingerprint, the same number should be used to unlock the emulator otherwise the authentication will fail.

After hitting the command once, the same command needs to be run a second time to complete the fingerprint setup.

Step 14: Click the Done button to complete the fingerprint setup. On the next screen, we should see that “Finger 1” was successfully added as a fingerprint.

To verify that the “Finger 1” is successfully added as the fingerprint, lock the emulator and hit the following command from the terminal, it should unlock the emulator successfully.

Finally, fingerprint authentication is successfully added to the Android emulator. Now, let’s discuss the test scenario to perform the fingerprint authentication on the Android emulator.

Test Scenario:

Open the WebdriverIO demo application on the Android emulator. Navigate to the Login page. Click on the fingerprint authentication button. Perform the fingerprint authentication using Appium. Verify the success message text – “You are logged in through Fingerprint!”

The following are the details about the technical stack used in this blog to automate fingerprint authentication in the WebdriverIO demo app using Appium with Java.

Programming Language/Tool/Framework	Version
Java	17
Appium	2.5.1
Android Studio	2022.2.1 Patch 2
uiautomator2 driver	2.45.1
Appium Inspector	2024.3.4
Maven	3.9.6
TestNG	7.9.0
WebdriverIO Demo App	1.0.8

We have already configured the fingerprint on the Android emulator. So, let’s jump onto writing the tests.

Configuring the Tests

In the previous section, we demoed the working of fingerprint authentication on a real device cloud. The AndroidDriverManager class was created for configuring the AndroidDriver. We will use the same class and add a new method to instantiate the AndroidDriver for running the tests on the local Android emulator.

A new method createAndroidDriver() is created that will start a new session of AndroidDriver on the local machine. The desired capabilities required for configuring the AndroidDriver will be passed using the uiAutomator2Options() method.

The uiAutomator2Options() method returns the object of the UiAutomator2Options class. The capabilities, such as AVD name, app path, app package, app activity, automation name, etc., are all passed using this method.

Finally, after the AndroidDriver session is created, the implicit wait of 5 seconds is applied to the AndroidDriver session.

Writing the Tests

In the previous section, we added the code to start an AndroidDriver session on the cloud. Let’s update the BaseTest class and add a condition in it that will help in creating a new instance of AndroidDriver on the local machine.

The @Parameters annotation in TestNG will be used to configure the deviceType variable, which will eventually help us in running the tests locally or on the cloud based on the values passed for the variable.

The setup() method implements the working condition for the deviceType variable. If the deviceType variable value is set to “LOCAL” the AndroidDriver session will be started on the local machine. If the value of the variable is set to “CLOUD”, the AndroidDriver session will be started on the cloud platform.

Implementation: Test Scenario

In this test, we will be opening the native Android mobile app by WebdriverIO, navigating to its login page, and performing the login using fingerprint authentication.

Next, the assertion will be performed to check the message text “You are logged in through Fingerprint!” on successful authentication.

Let’s add a new test method testFingerPrintAuthenticationLogin(), in the BiometricAuthTests class.

The Page Object Model is used for maintaining the WebElements of different pages of the mobile app using Page Object classes. Two Page Object classes are created, one for the Main page or the Homepage of the app and another one for the Login page of the app.

The MainPage class locates the menus displayed on the Homepage of the mobile app.

The openMenu() method in the MainPage class will locate the menus using the accessibility ID. Next, this method is called in the openLoginPage() method, which will open the Login menu and return a new instance of the LoginPage class.

The fingerPrintBtn() method locates the FingerPrint authentication button, the cancelBtnInAuthenticationView() method locates the Cancel button that displays when the FingerPrint authentication button is clicked.

The getSuccessMessageTitle() method returns the success message title in string format, and similarly, the getSuccessMessageText() method returns the success message text in string format. The title and text will be used in performing assertions.

The performBiometricLogin() method takes the fingerPrint ID as an input parameter. This fingerPrint ID is the actual fingerPrint ID that was used to set the fingerprint authentication in the Android emulator.

This method performs the click on the FingerPrint authentication button and waits for the cancel button in the authentication view to be displayed.

The reason for locating this button is that we tried to validate authentication directly after clicking on the FingerPrint authentication button, but the test failed as it needed some time for the authentication to appear. Hence, this approach was taken to locate the Cancel button and wait for it to be displayed after clicking on the FingerPrint authentication button.

Finally, it then calls the fingerprint() method from Appium to validate the fingerprint authentication.

Summarizing the test, it will first create an object of the MainPage class and call the openLoginPage() method which will navigate to the Login page.

Next, the performBiometricLogin() method will perform the fingerprint authentication. To validate the successful fingerprint authentication, the assertEquals() method of TestNG is used to check the title of the message equals “Success” and its text equals “You are logged in through Fingerprint!”.

Executing the Tests

A new test block is added in the testng.xml file for running the tests locally on the Android emulator.

The value for the deviceType parameter will be read from the testng.xml file, which is set to ”local” as we will be running the tests on the local machine.

It should be noted that the Appium server should be up and running on the local machine, and the Android emulator should be started before we run the tests.

With Appium 2.0, the Appium server and drivers are segregated, so to start the Appium server locally with the UIAutomator2 driver, the following command should be executed from the terminal.

To execute the tests, right-click on the testng.xml file and select the option Run ‘…/testng.xml’.

Following is the screenshot of the test executed using IntelliJ IDE:

In this blog, we learned about testing biometric authentication with Appium over emulators and real device clouds like LambdaTest with Appium. However, for web automation with frameworks like Selenium, you can master authentication testing by going through the following video from the LambdaTest YouTube Channel.

Conclusion

Biometric authentication is becoming an important feature in the latest and most popular mobile devices these days. Businesses are implementing different biometric authentication features, such as fingerprint authentication, face ID, etc, to keep their mobile application secure.

These biometric authentications must be thoroughly tested for a seamless experience before it is delivered to the end user. In this blog, we learned about testing fingerprint authentication on real devices using the LambdaTest cloud platform. We also learned about performing fingerprint authentication testing on Android emulators using Appium.

I would recommend trying your hands on testing biometric authentication with Appium at your end.

Happy Testing!!