Pretty soon you will have to give a blood sample to login
Say what you want about Google but they are surely not evil and bloodthirstyThat’s pretty scary.
No it’s not. If you think it is, you don’t understand what it’s saying as well as you think you do.
There’s nothing in this email that implies Google is uploading biometric data anywhere.
AFAIK it’s stored locally on your device, never uploaded anywhere (and that’s on purpose), and apps can tap into a system-level API to use your biometrics or phone password to re-verify that you’re really you.
“Apps” include Google Play Store.
Why don’t you simply disable the purchase verification?
Oh yeah, Google has never forced things by default before…
Even being Google, it’s unlikely they collect biometric data. It probably uses the same SDK as other apps implementing biometric locking do, processing this data locally, as the biometric templates are also locally enrolled.
This right here. OP is freaking out over a nothing burger.
Can we cut out the hyperbole. They aren’t requiring it and a hash of your finger prints are already stored on your phone if you use biometrics for other things. This email is likely meant as a reminder, especially for people who may not lock their phone down as much as they should and others (likely kids) can get access and spend money they wouldn’t be able to if it was locked down.
So google has access to my fingerprints when they are used to unlock my phone?
How the fuck is this allowed?
Every app has access to an api that asks your phone to verify your fingerprint against the ones stored for the lockscreen. The phone then asks for your fingerprint and tells the app if it passed or not.
As the commenter pointed out, it’s not an image of your fingerprint either. It’s a hash that is stored on your phone that is likely unique to that device.
Is this actually collecting data? I’d guess it uses the phone’s local biometric authentication.
It’s not collecting anything. Your phone stores a hash of your finger prints and uses that to verify it’s you. If you already use biometrics then your phone already has that hash. And while we can never be 100% certain, I’m fairly certain that android doesn’t upload that hash anywhere, it stays local to your phone.