Google recently updated Google Play Services, the utility that smartphone owners use to update Google apps and and other downloads from Google Play. The recently issued Version 7.0 features (among other things) “Trusted Voice,” which enables smartphone owners to speak a selected passphrase to receive updates or download new apps. This article, by Ron Amadeo in Ars Technica, provides additional background.

Trusted Voice is a feature of “smart lock,” which already supported user authentication and purchase authorization using a “secure device” or facial recognition (Trusted Face). Adding voice as an option let’s users enroll by repeating a phrase a couple of times and then they can use their voice to unlock the device or authorize purchases through Google Play. Google doesn’t name the company that provides the underlying voice biometric engine, but it appears to support text-independent voice authentication (meaning that the phone’s owner can choose a phrase).

An unfortunate aspect of the roll-out is Google’s choice of words in what amounts to a disclaimer. As illustrated in the screen scrape depicted in this post (courtesy of Ars Technica) Google has chosen to observe that “Trusted voice is less secure than a pattern, PIN, or password.” That may be true for this instantiation of voice-based authentication, but it implies that voice, in general, is less secure than its alternatives. That is both wrong, and a disservice to the community of voice biometrics solutions providers who are training their sights on mobile payment authorization and user authentication.

Categories: Intelligent Authentication, Articles

Tags: Google, Android, mobile security, Google Play