Friday, September 13, 2013

Apple addresses privacy, security concerns over its Touch ID fingerprint sensor

If you are wondering if the iPhone 5S' new fingerprint scanner stores a scan of your fingerprint -- or worse, sends it back to Apple's servers -- don't be. Apple gave Digits a look into Touch ID's privacy and security features on Wednesday, and ameliorated such concerns.

At the same time, though, if you're wondering if Touch ID feature will work as promised (and demoed in ideal conditions?), the answer is "probably."

Touch ID no only encrypts the data, it also stores only “fingerprint data,” rather than a scanned image, locally on the iPhone (in the A7 CPU, to be precise). This practice should mean that even if a hacker managed to get access to the data and unencrypt it, they would be unable to gain a fingerprint scan.

To do so, they would have to reverse engineer Apple's algorithm, which is higher unlikely. Of course, as we've recently be shown, nothing is impossible.

Still, Apple has made it extremely difficult to work around the feature. Much as with Google' Face Recognition software, used to login on Android devices, those using Touch ID must create a second authentication method, a PIN. In the event that the phone is rebooted or hasn’t been unlocked for 48 hours.

Still, don’t expect the iPhone fingerprint scanner to be perfect, an Apple spokesman said Wednesday. During testing, Apple discovered that Touch ID sometimes doesn’t work if a finger is covered in sweat or other liquids. It also may fail if the finger has lotion on it.

In addition, it may fail if a finger is scarred by accidents or surgery, but in those cases, users were able to use another finger successfully with the scanner.

Finally, Apple has not -- and based on its promotional video -- will never allow third-party applications access to APIs that will allow them to access to the fingerprint data.

Watch the video.

No comments: