Adding Voice Biometrics to Mobile Apps

In this article we consider several ways that you can add voice biometric functionality to your mobile applications.


Adding Voice Biometrics to Mobile Apps

by VBG Staff Posted on October 15, 2023

Introduction

Before beginning, please note that this article does NOT provide step-by-step instructions for developers on how to add voice biometric functionality to a mobile application. Rather, we cover key considerations and provide development guidance.

While there are certainly many different applications for voice biometrics on mobile phones, there are only a few roles that a mobile phone plays with respect to voice biometrics. So, let's review them:

Mobile Phone (No App). Although obvious, it's worth mentioning that the primary function of a mobile phone is as a telephone. In this scenario, you would place a call over the public switched telephone network (PSTN) and your voice would be captured by a remote IVR or Call Center system for voice biometric analysis. Mobile in this case means portable, as not all mobile phones are smartphones. There are many situations where possessing a mobile phone and talking over the PSTN is quite good for voice biometrics applications.
Voice Biometrics App (Local Mode). This is probably the scenario most people would think of relative to using voice biometrics on a mobile phone. In this case we would need a smartphone and a related voice biometric-enabled app. And here "local" means that the voice biometric technology runs locally, without needing access to the PSTN or a WiFi network. One big advantage of this approach is you avoid paying telephone connection charges to a carrier.
Voice Biometrics App (Cloud Mode). This scenario would also require a smartphone. However, the smartphone app would only capture speech samples from the user -- there would be no local voice biometric processing software. The speech samples are sent over the carrier network / WiFi to a remote voice biometric service operating in the cloud or a client's own data center. This approach still avoids telephone carrier connection fees, but it also allows for centralized storage and management of voiceprints.

Within this article we'll dive into each of these mobile phone roles a bit more, and then we'll discuss some potential development approaches for smartphone apps.

Smartphones offer the very attractive benefit of allowing a user to talk on the phone without paying carrier connection fees. This is critically important if you need to support high volumes of routine, voice biometrics-based authentications.

The Case for Regular Phones

For users with regular, non-smart mobile phones there is unfortunately no way to leverage the power of voice biometric technology without being on a phone call that involves the carrier's telephone network. But, the fact is, this isn't necessarily a bad thing for many potential uses of voice biometric-based mobile phone authentication.

Advantages:

No Mobile Development Costs. There's no "app" to build, deploy, maintain, and support. These can be huge costs for many organizations.
Large User Base. The fact is: not everyone can afford a $300-$1,000 smartphone. In so many places around the world, flip phones and non-smart phones are the norm.
2-Factor Authentication Works Great. Placing an outbound call to a registered number provides some level of the "something you have" factor. Of course, it could be argued that it's easy to forward a phone number; however, that's where voice biometrics comes into play. A fraudster might have your phone, but they won't have your voice.

Disadvantages:

Added Carrier Costs. Call connection fees will apply. However, there are many low-cost carrier networks, and NOT having app development costs may offset any carrier cost concerns.
Limited Authentication Factors. You won't really be able to exceed 2FA with a regular mobile phone. For many use cases however, this is still quite acceptable.
2-Factor Authentication Works Great. Placing an outbound call to a registered number provides some level of the "something you have" factor. Of course, it could be argued that it's easy to forward a phone number; however, that's where voice biometrics comes into play. A fraudster might have your phone, but they won't have your voice.

Although the tendency with mobile phones is to lean toward development projects with smartphone apps, VBG still supports many client applications globally that leverage regular phones. Simply stated, the use of non-smart phones with voice biometrics is still considered a "best practice" in many circumstances.

When considering the use of mobile phones with voice biometrics, consider your entire user community and your specific application objectives. Non-smart phones might make a lot of sense technically, operationally, and financially!

The Case for Smart Phones

The use of smartphones with voice biometrics is clearly on the rise. But what's helping to fuel this trend? For one thing, carriers are reacting to the popularity of smartphones and are offering fewer and fewer regular (non-smart) phone options to their customers. Also, phone manufacturers understand that not everyone can afford $1,000 smartphones, so they are expanding their product lines to offer lower-priced alternatives with less features, different materials, etc.

Technical Capabilities

Perhaps the most important driver to smartphone adoption is the wealth of technical capabilities they possess. Today's smartphones are really full-featured computers, packing tons of memory, storage, and processing power into a tiny package. They support highly sophisticated chipsets and algorithms (including encryption). And, with the proliferation of high-speed data (WiFi) network access, the breadth of potential mobile applications is limitless.

Today's smartphones are essentially full-featured computers, packing tons of memory, storage, and processing power into a tiny package.

The unfortunate reality of today's world is that fraudsters have become extremely sophisticated and technologically advanced. So, to help strengthen your voice verification (or identification) process, equally sophisticated and technically advanced authentication approaches are warranted. And smartphones are a clear and obvious tool to consider. So, what are some of the other key considerations for using smartphones with voice biometrics?

Advantages:

Accessibility. The use of smartphones is growing, and people are very rarely without their smartphones for long. Smartphones give you an "always available" factor.
No Call Connection Charges. Smartphones allow people to talk without paying carrier connection and transport fees. This is critically important for large user communities with large authentication needs.
Multi-Factor Authentication Support. The technical capabilities of smartphones allows for true 3 (or more) factor authentication to take place, increasingly a requirement for many companies.
Lower Deployment Costs. Since people are already carrying smartphones, that's one less expense for a company to have -- especially when compared to stand-alone tokens. And, smartphone users tend to take personal responsibility for their phones.

Disadvantages:

Development Cost. The main disadvantage of smartphones relates to the costs to develop, deploy, maintain, and support mobile applications. Hopefully, these costs are balanced out by the potential fraud costs that would occur if you didn't have your smartphone app(s).
Economic Segregation. Regardless of the efforts of mobile phone carriers and manufacturers, smartphones are still not affordable and available to all. This can not only be limiting to your organization, but can also create unwelcome consequences with your corporate image.
Multi-Factor Authentication Support. The technical capabilities of smartphones allows for true 3 (or more) factor authentication to take place, increasingly a requirement for many companies.

VBG is supporting more and more smartphone applications over time. So, we'll next take a look at the "local" vs. "remote" question related to the location of the voice biometrics functionality.

Using "Local" Voice Biometrics

Assuming you've reached the point where you're committed to developing a mobile app that incorporates voice biometrics, another key consideration is whether the voice biometric functionality resides on the phone (i.e., is "local") or is on a server somehere (i.e., is "remote").

It's a complex consideration, with no 100% correct answer. And, there are of course advantages and disadvantages to each approach. So, we'll first explore the local approach.

Local Advantages:

Always Available. You will ALWAYS be able to use voice biometric functionality if it is located on the smartphone; the same is not true for remote processing should network access become temporarily unavailable.
Low Latency. If the voice biometrics functionality is local, there will be low or no latency related to device distance from the remote server, busy network traffic, etc.
Distributed Enterprise Credentials. Those with enterprise-wide authentication needs may favor the use of distributed credentials. That is, there is less risk from NOT having all voiceprints residing in one centralized repository.
Isolated Individual Credential. Related to the above point, some feel that security credentials should never be transmitted. And, security credentials should never be shared or made available across multiple websites or applications.

There are other advantages too, but these are perhaps the most important. Further below we'll consider the case for "remote" deployments of voice biometrics. As you might imagine, advantages of one approach are sometimes viewed as disadvantages of the other (and vice versa).

FIDO Alliance

A number of years ago, the FIDO Alliance was formed to address these very concerns. It is beyond the scope of this article to explain everything about the FIDO Alliance, but interested readers are strongly encouraged to visit their site. It is a very good organization, with worthwhile objectives and standards.

Development Tools

As you can imagine, the use of on-device voice biometric processing requires either an installable SDK from a voice biometric vendor, or on-device (chip-based) capabilities which are exposed by the mobile phone manufacturer via their preferred development APIs. And, development will generally be more complex.

Apple iPhone. To start with, you'll need an Apple computer running the latest version of OS X, or a suitable emulator. Then, most iPhone apps are developed in Objective C, using Xcode.

Android. Android offers a more flexible development environment, with an IDE such as Eclipse being recommended. Java is the native language for Android, so download the Android SDK "bundle" from Google.

As you can imagine, putting voice biometric functionality on-device means development is more complex, as is on-going maintenance and support. So, allot more time, resources, and money for your development process. This is especially true with new DNN algorithms which require much more computing power to operate smoothly and quickly.

Using "Remote" Voice Biometrics

We've evaluated the "local" side of the equation, now it's time to look at leveraging voice biometric processing that is "remote" from the smartphone. It's hard to argue against all the benefits of localizing voice biometrics to the device itself. However, there are distinct advantages to the remote approach.

Remote Advantages:

Feature Access. There are many valuable and sophisticated features that are difficult, if not impossible, to put on-device. Having remote voice biometrics processing gives you access to more powerful servers and hence a richer feature set.
Reasonable Latency. Remote performance will never be as good as local performance. However, with 4G and now 5G networks becoming more mainstream, remote voice biometric services are near-instant in response time.
Centralized Credentials. The flip side to the argument for decentralized credentials: it's easier to lock down, monitor, maintain, and upgrade credentials if they are all centrally located.
Easier Development. The mobile application footprint for remote voice biometrics is limited to the UI and capturing audio -- basic smartphone functions. So, development complexity, frequent application updates, and other maintenance and support hassles are greatly reduced.
Reusable Credentials. The flip side to not sharing credentials across applications: it can make a lot of sense to leverage centrally managed voice biometric services across IVR systems, call center systems, enterprise apps, mobile apps, etc. There is no need to manage different credentials for the same customer who wants to use different contact channels.

Development Tools

With a simpler development requirement, the choice of development tools is greatly expanded. In fact, it can make a lot of sense to use a cross-platform development framework. These can provide excellent results, with no loss of functionality or user experience.

Cross-Platform Tools. We've built demo application using jQuery Mobile and PhoneGap, React Native, and our latest offerings use Flutter. There are many others. However, we've achieved excellent results with these tools and are happy to share source code with our clients and partners.

For almost any organization contemplating mobile application development that leverages voice biometric functionality, VBG strongly recommends that you consider leveraging centralized voice biometric processing in your designs. If nothing else, it's a less costly approach that will give you an application more quickly.

Return to Articles

Ready to Get Started?

It's very easy to work with VBG! Just call us to discuss your needs. We'll show you live demos and can arrange for a free, 60-day trial of our complete system!