Apple Touch ID Fingerprint Sensor
Apple's new flagship phone, the iPhone 5s, has a lot going for it. Experts and consumers are raving about the new 64-bit processor, the advanced camera, and the high-speed GPU. Despite all that, most of the buzz has been around Apple's Touch ID, its fingerprint sensor that enables users to unlock their phones using their fingerprint.
Most important of all is the fact that it actively encourages users to lock their phones. People rarely use passcodes and PINs to lock their phones these days. Touch ID seems like an easy, efficient way of unlocking phones without compromising on security.
This brings up an interesting point: Android had tried biometrics before. In fact, Motorola was the first manufacturer to try out fingerprint scanning in its 2011 Atrix model. The phone read fingers as they were swiped across its back. Although it was a good idea because the gesture felt natural, the execution was anything but. The system was embarrassingly inaccurate and prone to errors. Android has also tried unlocking phones through facial recognition. In fact, this became a standard feature in the latest versions of the operating system. However, it could be easily fooled using photographs, among other methods.
So far Apple appears to have gotten it right. It is using the ubiquitous home button, which users are extremely familiar with, and using it as a way of letting users unlock their phones. There's the security factor, too: fingerprints are very difficult to spoof, so even if someone cracks the phone's encryption or security chip, gaining access to a locked phone would still be extremely difficult.
On top of that, Apple hopes to ensure further security by having users create a passcode as a backup. If the phone has not been rebooted or unlocked in two days, users will need to use the passcode to unlock the phone. This is being done to deter hackers who may be stalling for time to find a way to get around the fingerprint sensor.
What's Not to Like about Touch ID
There is one major gripe that privacy hawks have with Apple's Touch ID: fingerprint data. Now that users know that NSA monitors their online activities — including encrypted conversations — they are wary about handing over their fingerprint data. To that end, Apple has responded by saying that the data is stored locally and never transmitted to Apple's or any other company's servers. The data, Apple says, will remain encrypted within the iPhone 5s processor, which will turn it into a digital signature to unlock itself or make purchases in the App Store.
Having said that, Apple is also not giving third-party developers any access to the fingerprint sensor. Since developers are being walled off from this feature, there will not be any apps designed around this new hardware. Although this makes sense from a security perspective, it is disappointing to note that developers and consumers are both going to miss out on some interesting — perhaps revolutionary! — ideas from being executed.
This brings up the final point: enterprises are going to hate Touch ID. Since it is being walled off from third-party developers, enterprises will not be able to incorporate the fingerprint sensor feature into their systems. This means that employees who wish to use the iPhone 5s at work will not be able to use single sign-on features of iOS7 or meet the standards-based cloud and enterprise IAM systems. Therefore, enterprises get no tangible benefits from this new hardware that is simply not friendly to openness and standards.
As it stands right now, Apple's Touch ID is an interesting proposition. It is yet to be seen just how effective it is at security; also, it remains to be seen just how receptive people are going to be towards it. Previous efforts at biometrics had not been executed well enough, but Apple has a history of pulling things off quite brilliantly. The future, at least right now, looks to be a more secure one.