I was wondering if it's possible to create an app which can be unlocked by a specific person only, without it being possible for another person to unlock it.
I will try to describe my thoughts in more detail.
The traditional security of applications nowadays relies on a username and password most of the time, but a person can easily give his credentials to another person in order to log in. Biometrics can be used as security, but in order to be safe, both Android and iOS store them on the device, which is very good in terms of safety. The problem is that a person can change the biometrics on his device; for example, someone can add his friend's fingerprint or face.
I want to create an app in which a person will add his biometrics as credentials the very first time, and it will not be possible to change these biometrics after that. Of course he will be able to delete them if he wants.
The structure of biometrics right now is device-centric: a person can do whatever he wants on his device, and other people as well with his permission. So I want to restrict the last part. I want to be sure that my app is used by a specific person and only by him.
Is it possible? What I thought is to create a private/public key pair when someone adds biometrics the very first time, with the public key stored in my database and the private key on the user's phone. Then if someone changes the biometrics, the private key has to change and the authentication for the app will fail.
Is it possible with Android and iOS?
Thank you in advance.
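The key-pair scheme described in the question, as an added example (not code from the asker or from the Android project): on Android it maps onto an AndroidKeyStore key created with setUserAuthenticationRequired and setInvalidatedByBiometricEnrollment, which the platform refuses to use once a new fingerprint or face is enrolled, and which is exercised through BiometricPrompt's CryptoObject. The key alias, the server-issued challenge bytes and the callback shape are assumptions for the example.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.*
import java.security.spec.ECGenParameterSpec

const val ALIAS = "enrollment-bound-key"  // assumed Keystore alias for this example

// First-run enrollment: the private key is generated inside AndroidKeyStore and never leaves it;
// the encoded public key is what the app registers with the server. A later biometric
// enrollment makes the Keystore permanently invalidate this key, so the platform enforces the rule.
fun generateEnrollmentBoundKey(): ByteArray {
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true)        // every signature needs a biometric prompt
        .setInvalidatedByBiometricEnrollment(true)  // adding a new fingerprint/face kills the key
        .build()
    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    kpg.initialize(spec)
    return kpg.generateKeyPair().public.encoded  // X.509 SubjectPublicKeyInfo, store server-side
}

// Login: sign a random challenge issued by the server with the enrollment-bound key. onSigned(null)
// means the key is gone (biometrics changed) or the prompt failed; the server should then revoke
// the stored public key and require a fresh enrollment.
fun signChallenge(activity: FragmentActivity, challenge: ByteArray, onSigned: (ByteArray?) -> Unit) {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val signature = Signature.getInstance("SHA256withECDSA")
    try {
        signature.initSign(ks.getKey(ALIAS, null) as PrivateKey)
    } catch (e: KeyPermanentlyInvalidatedException) {
        ks.deleteEntry(ALIAS)       // dead key: clean up locally, re-enroll through the server
        onSigned(null); return
    }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val sig = result.cryptoObject!!.signature!!   // same Signature, now unlocked by the biometric
            sig.update(challenge)
            onSigned(sig.sign())
        }
        override fun onAuthenticationError(code: Int, msg: CharSequence) = onSigned(null)
    }
    val info = BiometricPrompt.PromptInfo.Builder().setTitle("Confirm it is you")
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
        .setNegativeButtonText("Cancel").build()
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info, BiometricPrompt.CryptoObject(signature))
}
```

The iOS counterpart is a Secure Enclave key created with a SecAccessControl carrying the biometryCurrentSet flag, which likewise invalidates the key when the set of enrolled biometrics changes. In both cases the server must verify the signature against the public key registered at enrollment and must never accept a plain "biometric succeeded" boolean from the client.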