WebAuthn Face Recognition in Android Devices

Problem statement

Implementing the Face Recognition part of the WebAuthn MFA into our locally hosted for Smartphones. While on IOS, there is no issue using Face Recognition, on Android, it does not work and prompts users to use only their Fingerprint.

Cause

WebAuthn MFA Authentication for Android devices only works on devices that have a Class 3 level of security. There are very few devices that support that level of security: Pixel 8 Pro, Pixel 4 Pro, Pixel 6.

Solution

While it can be implemented, the Face Recognition option is only going to work on Android devices that have a Class 3 level of security. Please see this document for more details.