BiometricSample

Biometric Authentication

Android sample app to learn about biometric authentication APIs, how to use them with cryptography APIs and how to fall back to non-biometric authentication.

The app mainly showcases:

  • Checking if a device supports biometric authentication using BiometricManager.
  • Displaying a biometric authentication prompt using BiometricPrompt.
  • Generating and storing secret keys in the KeyStore, then using biometrics to protect the encryption key and provide an extra layer of security. This uses CryptoObject and Cipher to handle encryption and decryption.
  • Configuring the biometric prompt to control settings like requiring the user's confirmation after a biometric authentication.
  • Falling back to non-biometric credentials to authenticate, including a PIN, password or pattern.

There are certain differences in what the biometric and cryptography APIs offer and support across Android API levels. The differences produce 3 groups of API levels that share the same features:

  • Pre Android Marshmallow (API level 23)
  • From Android Marshmallow (API level 23) to Android R (API level 30) [exclusive]
  • From Android R (API level 30) and onwards

Given these differences, and to clearly understand the biometric and cryptography APIs, this sample defines compatibility classes (think of Android's compatibility classes, though not as fancy) that expose interfaces (BiometricAuthenticator and CryptographyManager) meant to be used by a client (in this scenario, the app's main Activity). These abstractions list the behaviors they support and hide the implementation details on different API levels from the client.
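To make the API-level split concrete, the following added example (not code from this sample) creates a KeyStore key that can only be used after biometric authentication and wraps a Cipher in a CryptoObject for BiometricPrompt. It assumes Kotlin and the androidx.biometric library; the key alias and the function names are hypothetical.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.annotation.RequiresApi
import androidx.biometric.BiometricPrompt
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

private const val KEYSTORE = "AndroidKeyStore"
private const val KEY_ALIAS = "biometric_sample_key" // hypothetical alias
private const val TRANSFORMATION = "AES/GCM/NoPadding"

// KeyGenParameterSpec and authentication-bound keys start at API level 23,
// so the pre-Marshmallow group cannot use this path at all.
@RequiresApi(Build.VERSION_CODES.M)
fun getOrCreateKey(): SecretKey {
    val keyStore = KeyStore.getInstance(KEYSTORE).apply { load(null) }
    (keyStore.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }

    val spec = KeyGenParameterSpec.Builder(
        KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true) // key is unusable until the user authenticates
        .apply {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
                // API 30+: timeout 0 means authenticate for every use; strong biometrics only.
                setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
            }
            // API 23-29: leaving the validity duration unset gives the same per-use behaviour.
        }
        .build()

    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE)
        .apply { init(spec) }
        .generateKey()
}

// The cipher is initialised here but only becomes usable once BiometricPrompt
// has authenticated the user with this CryptoObject.
@RequiresApi(Build.VERSION_CODES.M)
fun encryptionCryptoObject(): BiometricPrompt.CryptoObject {
    val cipher = Cipher.getInstance(TRANSFORMATION)
    cipher.init(Cipher.ENCRYPT_MODE, getOrCreateKey())
    return BiometricPrompt.CryptoObject(cipher)
}
```

Key generation throws InvalidAlgorithmParameterException when the device has no secure lock screen or no enrolled biometric, so a caller should check BiometricManager first. Cipher.init throws KeyPermanentlyInvalidatedException after a new biometric is enrolled, in which case the key must be deleted and regenerated.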