Google Pixel 3 64Gb+4Gb LTE [92/132] Android automotive only sensors

[C-1-1] MUST have a false acceptance rate not higher than 0.002%.

[C-SR] Are STRONGLY RECOMMENDED to have a spoof and imposter acceptance rate not

higher than 7%.

[C-1-2] MUST disclose that this mode may be less secure than a strong PIN, pattern, or

password and clearly enumerate the risks of enabling it, if the spoof and imposter

acceptance rates are higher than 7%.

[C-1-3] MUST rate limit attempts for at least 30 seconds after five false trials for

biometric verification - where a false trial is one with an adequate capture quality

(ACQUIRED_GOOD) that does not match an enrolled biometric

[C-1-4] MUST have a hardware-backed keystore implementation, and perform the

biometric matching in a Trusted Execution Environment (TEE) or on a chip with a secure

channel to the TEE.

[C-1-5] MUST have all identifiable data encrypted and cryptographically authenticated

such that they cannot be acquired, read or altered outside of the Trusted Execution

Environment (TEE), or a chip with a secure channel to the TEE as documented in the

implementation guidelines on the Android Open Source Project site.

[C-1-6] MUST prevent adding new biometrics without first establishing a chain of trust by

having the user confirm existing or add a new device credential (PIN/pattern/password)

that's secured by TEE; the Android Open Source Project implementation provides the

mechanism in the framework to do so.

[C-1-7] MUST NOT enable third-party applications to distinguish between biometric

enrollments.

[C-1-8] MUST honor the individual flag for that biometric (ie:

DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT ,

DevicePolicymanager.KEYGUARD_DISABLE_FACE , or

DevicePolicymanager.KEYGUARD_DISABLE_IRIS ).

[C-1-9] MUST completely remove all identifiable biometric data for a user when the user's

account is removed (including via a factory reset).

[C-1-10] MUST not allow unencrypted access to identifiable biometric data or any data

derived from it (such as embeddings) to the Application Processor outside the context of

the TEE.

[C-SR] Are STRONGLY RECOMMENDED to have a false rejection rate of less than 10%, as

measured on the device.

[C-SR] Are STRONGLY RECOMMENDED to have a latency below 1 second, measured from

when the biometric is detected, until the screen is unlocked, for each enrolled biometric.

7.3.11. Android Automotive-only sensors

Automotive-specific sensors are defined in the android.car.CarSensorManager API .

7.3.11.1. Current Gear

See Section 2.5.1 for device-specific requirements.

7.3.11.2. Day Night Mode

See Section 2.5.1 for device-specific requirements.

7.3.11.3. Driving Status

This requirement is deprecated.

Page 92 of 132