>>60559591>Those guidelines are only for if the scanner connects to third party software.
Where does it say that? Seems to me like it applies to everything regarding the implementation of a fingerprint sensor on an Android phone running Android 7.0>MUST have a hardware-backed keystore implementation, and perform the fingerprint
matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to
the TEE.>MUST have all identifiable fingerprint data encrypted and cryptographically authenticated
such that they cannot be acquired, read or altered outside of the Trusted Execution
Environment (TEE) as documented in the implementation guidelines on the Android Open
Source Project site
This doesn't mention 3rd party apps at all, and is referring to the operation of the sensor itself. Now it COULD be argued that it doesn't control the hardware in this instance, just the software though.
However, the OS itself is not, at any time, accessing the biometric data, that data is stored separately on a separate part of the processor that doesn't interact with the rest of the OS. The way the phone handles it is that it gives an auth token to the phone that says a fingerprint has been identified and gives the auth token with no actual fingerprint data itself. Pic related once again.
However, in the other parts of the document there are definite hardware requirements, IF the manufacturer wants to implement that particular hardware feature.