Apple talks Touch ID fingerprint scanner security, safeguards
Apple came through with the long-rumored fingerprint scanner for the iPhone 5S yesterday, revealing the phone hardware and its Touch ID feature. As we’ve talked about the new capabilities Apple revealed, including this Touch ID functionality, we’ve noticed a number of you voicing concern in the comments: privacy issues, security issues, and reliability issues all seem to be on your minds. This afternoon, we get some more details on the system from Apple, and maybe some of what it has to say will help reassure you.
Apple’s already said that fingerprint data isn’t stored on its servers, and now goes into the specifics. Basically, when the iPhone 5S scans your print, it doesn’t store a full scan of your fingertip like a photo, but instead specific data from that scan. That’s encrypted on the phone, and even if someone could get at it, the data isn’t complete enough to create a full copy of your print. When you go to authenticate, the Touch ID scanner compares the new data it captures to that stored data.
Other security-minded decisions include blocking fingerprint unlocks after a phone has been rebooted or left locked for at least 48 hours – the idea there is to cut down on the time window an attacker would have to fake your fingerprint or otherwise get around Apple’s system.
As for accuracy, the scanner should be much more reliable than what we’re used to from other phones and laptops, but Apple still says that liquid on hands – whether sweat or lotion – can still get in the way.