
inselstudent

macrumors 6502a
Original poster
Jul 27, 2012
617
4
I know about all the security concerns people have with the fingerprint scanner, but are there any reasons why Apple don't make it public, so that all apps can choose to require the fingerprint rather than an ordinary password? I'm more than certain it could be done without compromising the users' personal data security (in this case, their fingerprint) more than it already is. Other apps would only send a request to Touch ID whether or not the fingerprint is the correct one. There wouldn't be any harm done.

My point is, if you sell a device with such a nifty feature, why not make it actually usable in more ways than just to unlock your phone? I have a banking app, an app where I store passwords, and Amazon and eBay aren't exactly shy to request a password each time I use the apps, either.

So what are your thoughts on this? Just as an option. Or am I missing something?
 

MozMan68

macrumors demi-god
Jun 29, 2010
6,073
5,160
South Cackalacky
Because just SAYING that third-party apps will now be able to USE the fingerprint scanning capability with their own apps will have people erroneously jumping to the conclusion that they will have some sort of access to the encrypted data associated with it.

Apple is already being extremely cautious about it with their own software/hardware. No reason to freak people out more at this point before it is even available.

Trust will come with time and then we will see...
 

Julien

macrumors G4
Jun 30, 2007
11,835
5,432
Atlanta
Also because it is quasi beta. Apple can experiment using its own money (store) but to open it up out the gate and find it has problems would be a nightmare.

Probably see an API next year if it passes all tests.
 

Mrg02d

macrumors 65816
Jan 27, 2012
1,102
2
What do 3rd party apps need an API for if Apple does iCloud Keychain properly? If Apple connects keychain to FP scanner right, this could revolutionize how we authenticate ourselves. No need for 3rd party apps to be involved at all. I don't trust Apple 100% but do trust them more than some low tier app dev.
 

ipedro

macrumors 603
Nov 30, 2004
6,245
8,520
Toronto, ON
It'll come with iCloud keychain. All your passwords will be stored in the keychain and accessing it will be a system level authentication. Keychain was removed from the GM without explanation but it's probably because Apple wants to introduce it with Mavericks so that they're cross compatible. Generating a random complex password in keychain on your iPhone is useless if you can't then log into websites on your Mac.
 

Michael CM1

macrumors 603
Feb 4, 2008
5,681
276
It's a brand new feature that could not possibly be tested on the scale required to make sure it's secure enough to open it up in an API. Worst thing that happens right now is someone can unlock your phone or make a ton of iTunes purchases. Remember the bugs in Maps last year? Well, imagine such a bug with Touch ID.
 

Mrg02d

macrumors 65816
Jan 27, 2012
1,102
2
they said not yet... so wait.

Exactly. No way would I put credit card numbers and the like on the keychain until Apple is dead certain it's perfect.

If they get the keychain/FP scanner done right, I'll upgrade my 5 to the 5s just for that right there. Until then, I'm fine watching them make progress.
 

Zcott

macrumors 68020
Oct 18, 2009
2,307
47
Belfast, Ireland
Exactly. No way would I put credit card numbers and the like on the keychain until Apple is dead certain it's perfect.

If they get the keychain/FP scanner done right, I'll upgrade my 5 to the 5s just for that right there. Until then, I'm fine watching them make progress.

FWIW the keychain doesn't store the security code on the back of the card, so it's pretty useless to anyone who gets the details.
 

inselstudent

macrumors 6502a
Original poster
Jul 27, 2012
617
4
they said not yet... so wait.

Oh I didn't know they said that. All I remembered from the keynote was that their "team also figured out another way to make use of Touch ID", and that was making iTunes purchases, so I had the feeling that was all they'd ever planned for it. But if they're gonna implement it at some point anyway, then I'm all good with it. I wasn't going to buy a 5s anyway, though that's partly due to the limited functionality of Touch ID :) thanks for all the replies btw
 

Lord Hamsa

macrumors 6502a
Jul 16, 2013
698
675
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

For some high-security applications, I can imagine asking the user to re-authenticate would probably be useful - banking/finance, corporate networks, etc. - but even then, the best that I imagine that an API would give them is the Apple ID of the authenticating user. Tying that to a real person's identity would have to be done somehow. Not impossible, of course, but one more thing to deal with.
 

se99jmk

macrumors regular
Jun 11, 2012
105
16
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

Well, I can think of some reasons:

1) For our app, we provide document security. Many of our clients have a BYOD policy so IT departments may not be able to secure the device, but they can secure our app specifically.
IT technically don't care if your Angry Birds score gets out, as long as they have some peace of mind that the documents are secure.

2) The app has its own 'soft lock' (app lock separate from the entire device lock), and we could use this to authenticate the soft lock.

3) We could use this for two-factor authentication - a manually typed-in password combined with a fingerprint scan

4) restricting device sharing - A password set on the server can be used on multiple devices, but as the fingerprint scan is only stored locally, it therefore only unlocks one device (presumably you could apply a security policy on the device to stop them adding their fingerprint to another device)
(We actually authenticate the device already, but this could be a more secure way to do it)
 

MozMan68

macrumors demi-god
Jun 29, 2010
6,073
5,160
South Cackalacky
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

For some high-security applications, I can imagine asking the user to re-authenticate would probably be useful - banking/finance, corporate networks, etc. - but even then, the best that I imagine that an API would give them is the Apple ID of the authenticating user. Tying that to a real person's identity would have to be done somehow. Not impossible, of course, but one more thing to deal with.

What about apps that store passwords...would be nice if they let me use my fingerprint instead of entering a password to get into the app.

There are a ton of apps that require a secondary password to get in...don't you use a banking app?
 

Bandit3dgfx

macrumors newbie
Sep 5, 2013
9
0
I think for similar reasons copy/paste took so long - they need to have security and consistency across applications and starting with their own stable of apps is probably hard work enough for the time being.
 

musika

macrumors 65816
Sep 2, 2010
1,285
459
New York
Because it's Apple
