Developers, Add Voice Biometrics To Your Mobile App

Thanks to technology implementations by Google and Apple, app developers and device users have at their disposal more options to improve security through biometrics and certificates on devices. But what about you as the app developer being able to exert control over the security mechanism without having to rely on the capabilities of the device, the device vendor, or the device operating system? How can you implement voice biometrics security without depending on Google or Apple?

One simple way to deliver a "mobile" voice biometric solution is to use the mobile device to make or receive a phone call, as we describe in our page on Using Voice Biometrics For Multi-Factor Authentication. Phone calls work on all phones, whether smartphone or older non-smartphones. But that's an extra step outside of your mobile app, and leaving your app is often undesirable. And what about tablets and other devices that may be using wifi but are not able to send and receive phone calls?

Good News! The answer is straightforward. Voice Biometrics Group offers a RESTful API. Therefore, all you need to do is use the native audio capture capability in the device to grab a sample of audio that you then send to our voice biometrics platform. If you are not already familiar with the broader context of how audio capture fits into a complete voice biometrics solution, check out our tutorial. If you understand the full context of an app but are new to how to build voice biometrics applications using our platform, then check out our overview for developers. It explains the logic flow of a voice biometrics application regardless of the communication channel. Otherwise, the next section explains how we built an app on top of our APIs to demonstrate how to add voice biometrics into your mobile application.

Mobile App Architecture For Voice Biometrics

One of the first questions that comes up regarding voice biometrics on a mobile device is whether it is necessary to embed the voice biometric engine on the device. Our strong belief is "no." If the device is working with no data connection, the clean and simple way is to use an approach we outline as an example in Using Voice Biometrics For Multi-Factor Authentication as a method to authenticate provided you at least have phone service.

If the mobile device is online, embedding the engine is definitely not required. Just like Siri and Ok, Google, your application can record voice snippets on the mobile device and send them over the data channel to our voice biometrics engine. You do this directly from your app by enabling the microphone, prompting the user appropriately, having the user start and stop recording, and then submitting the voice snippet. It only takes a few seconds, and the voice snippet is typically only 60 to 80 kbytes, a relatively small amount of data. The engine then gives your application a response back that leads to a next step, usually either enabling access or blocking access. The benefits of a service-oriented approach are numerous:

  1. Your application is simpler and more compact compared to embedding an engine
  2. The voice biometric engine code is not exposed to hacking and reverse engineering
  3. The performance of the engine is not limited to resources on the device
  4. Enhancements to the engine over time are centralized and do not require upgrading the mobile application.

If you own the code on the mobile device and you have access to our RESTful APIs, you can build a total solution multiple ways. For example, we built an Android mobile app using a simple web-style form and PhoneGap that mimics our visual web demo. Our mobile demo app communicates directly to our servers through the data network. It does not use the voice network at all. The API key credentials are pre-loaded in the mobile app but are configurable. The app enables you to enroll and verify using either RandomPIN™ or a static passphrase. The demo app also offers a few option settings, such as enabling you to choose whether to auto-submit the audio at the end of a recording or only when you tap the submit button. Our demo app is simple, functional and operates entirely standalone. The screenshots below give you an idea of what happens in the mobile app.

VBG Mobile Voice Enrollment

Enrollment Start

Tapping Proceed starts the enrollment

VBG Mobile Voice Verification

Verify Start

Tapping Proceed starts the verification

VBG Mobile Voice Verification Prompting

Verification Prompt

Start and stop recording for the prompted phrase

However, for a robust and secure enterprise solution, you will likely have the client device communicating with your mobile application server. With respect to the audio captured on the device, you could first capture audio on your server and then relay to our API either in the VBG Cloud or on your premises. Or, to avoid sending data through two steps of store and forward, you can send via encrypted messaging the credentials and address for the client to send the audio to the voice biometrics server. Either way, you keep the client app as "stupid" as possible, devoid of permanently storing API credentials. The bottom line is that no matter how you choose to implement, RESTful APIs along with our transaction-oriented approach as described in our developer overview, give you the capability to easily add a voice biometrics capability to your mobile application.

Get Started Quickly

To prove to yourself that voice biometrics will work on a mobile application, contact us and ask for an NDA and a Free Trial. We'll send you our demo APK that runs standalone against a special account on our system. And we'll set you up with your own account, so you can build your own mobile app with a secure account specific to you.