Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > iPhone, iPod and iPad > iOS > iOS 7

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 16, 2013, 03:12 PM   #1
inselstudent
macrumors 6502a
 
Join Date: Jul 2012
Why don't Apple make Touch ID a public API?

I know about all the security concerns people have with the fingerprint scanner, but are there any reasons why Apple don't make it public, so that all apps can choose to require the fingerprint rather than an ordinary password? I'm more than certain it could be done without compromising the users' personal data security (in this case, their fingerprint) more than it already is. Other apps would only send a request to touch ID whether or not the fingerprint is the correct one. There wouldn't be any harm done.

My point is, if you sell a device with such a nifty feature, why not make it actually usable in more ways than just to unlock your phone? I have a banking app, an app where I store passwords, and Amazon and eBay aren't exactly shy to request a password each time I use the apps, either.

So what are your thoughts on this? Just as an option. Or am I missing something?
inselstudent is offline   0 Reply With Quote
Old Sep 16, 2013, 03:15 PM   #2
MozMan68
macrumors 65816
 
MozMan68's Avatar
 
Join Date: Jun 2010
Location: West Siiiiide of Michigan
Because, just by SAYING that third party apps will now be able to USE the fingerprint scanning capability with their own apps, will have people erroneously jumping to the conclusion that they will have some sort of access to the encrypted data associated with it.

Apple is already being extremely cautious about it with their own software/hardware. No reason to freak people out more at this point before it is even available.

Trust will come with time and then we will see...
MozMan68 is offline   7 Reply With Quote
Old Sep 16, 2013, 03:18 PM   #3
WhackyNinja
macrumors 68000
 
WhackyNinja's Avatar
 
Join Date: Jul 2012
Location: Kissimmee, FL
Send a message via Skype™ to WhackyNinja
Because it's Apple
WhackyNinja is offline   2 Reply With Quote
Old Sep 16, 2013, 03:50 PM   #4
Julien
macrumors 68040
 
Join Date: Jun 2007
Location: Atlanta
Also because it is quasi beta. Apple can experiment using it's own money (store) but to open it up out the gate and find it has problems would be a nightmare.

Probably see an API next year if it passes all tests.
Julien is offline   4 Reply With Quote
Old Sep 16, 2013, 04:06 PM   #5
Mrg02d
Banned
 
Join Date: Jan 2012
What do 3rd party apps need API for if apple does iCloud Keychain properly? If Apple connects keychain to FP scanner right, this could revolutionize how we authenticate ourselves. No need for 3rd party apps to be involved at all. I don't trust apple 100% but do trust them more than some low tier app dev.
Mrg02d is offline   3 Reply With Quote
Old Sep 16, 2013, 04:31 PM   #6
ipedro
macrumors 68020
 
Join Date: Nov 2004
Location: Toronto, ON
It'll come with iCloud keychain. All your passwords will be stored in the keychain and accessing it will be a system level authentication. Keychain was removed from the GM without explanation but its probably because Apple wants to introduce it with Mavericks so that they're cross compatible. Generating a random complex password in keychain on your iPhone is useless if you cant then log into websites on your Mac.
__________________
iMac 27" i7 | MacBook Pro 17" 2009 | iPhone5 | iPad Air | tv | Time Capsule
ipedro is offline   2 Reply With Quote
Old Sep 16, 2013, 04:33 PM   #7
Michael CM1
macrumors 601
 
Join Date: Feb 2008
It's a brand new feature that could not possibly be tested on the scale required to make sure it's secure enough to open it up in an API. Worst thing that happens right now is someone can unlock your phone or make a ton of iTunes purchases. Remember the bugs in Maps last year? Well, imagine such a bug with Touch ID.
__________________
13.3" 2014 MacBook Air; Mid-2010 21.5" iMac; silver iPhone 5S 32GB; white iPad Air 32 GB; third-gen TV (x2)
Michael CM1 is offline   0 Reply With Quote
Old Sep 16, 2013, 04:38 PM   #8
Carlanga
macrumors 601
 
Carlanga's Avatar
 
Join Date: Nov 2009
Location: PR
they said not yet... so wait.
__________________
☻ "A dream you dream alone is only a dream...
... A dream you dream together is reality." ☻
Carlanga is offline   0 Reply With Quote
Old Sep 16, 2013, 04:59 PM   #9
Mrg02d
Banned
 
Join Date: Jan 2012
Quote:
Originally Posted by Carlanga View Post
they said not yet... so wait.
Exactly. No way would I put credit card numbers and the like on the keychain until apple is dead certain it's perfect.

If they get the keychain/ FP scanner done right, I'll upgrade my 5 to the 5s just for that right there. Until then, I'm fine watching them make progress.
Mrg02d is offline   0 Reply With Quote
Old Sep 16, 2013, 07:13 PM   #10
Zcott
macrumors 68020
 
Join Date: Oct 2009
Location: Belfast, Ireland
Quote:
Originally Posted by Mrg02d View Post
Exactly. No way would I put credit card numbers and the like on the keychain until apple is dead certain it's perfect.

If they get the keychain/ FP scanner done right, I'll upgrade my 5 to the 5s just for that right there. Until then, I'm fine watching them make progress.
FWIW the keychain doesn't store the security code on the back of the card, so it's pretty useless to anyone who gets the details.
Zcott is offline   0 Reply With Quote
Old Sep 16, 2013, 07:34 PM   #11
inselstudent
Thread Starter
macrumors 6502a
 
Join Date: Jul 2012
Quote:
Originally Posted by Carlanga View Post
they said not yet... so wait.
Oh I didn't know they said that. All I remembered from the keynote was that their "team also figured out another way to make use of touch ID", and that was making iTunes purchases, so I had the feeling that was all they'd ever planned for it. But if they're gonna implement it at some point anyway, then I'm all good with it. I wasn't going to buy a 5s anyway, though that's partly due to the limited functionality of touch ID thanks for all the replies btw
inselstudent is offline   0 Reply With Quote
Old Sep 17, 2013, 07:08 AM   #12
Lord Hamsa
macrumors 6502
 
Join Date: Jul 2013
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

For some high-security applications, I can imagine asking the user to re-authenticate would probably be useful - banking/finance, corporate networks, etc. - but even then, the best that I imagine that an API would give them is the Apple ID of the authenticating user. Tying that to a real person's identity would have to be done somehow. Not impossible, of course, but one more thing to deal with.
Lord Hamsa is offline   0 Reply With Quote
Old Sep 17, 2013, 07:20 AM   #13
se99jmk
macrumors newbie
 
Join Date: Jun 2012
Quote:
Originally Posted by Lord Hamsa View Post
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.
Well, I can think of some reasons:

1) For our app, we provide document security. Many of our clients have a BYOD policy so IT departments may not be able to secure the device, but they can secure our app specifically.
IT technically don't care if your Angry Birds score gets out, as long as they have some peace of mind that the documents are secure.

2) The app has it's own 'soft lock' (app lock separate from the entire device lock), and we could use this to authenticate the soft lock.

3) We could use this for two-factor authentication - A manual typed in password combined with a fingerprint scan

4) restricting device sharing - A password set on the server can be used on multiple devices, but as the fingerprint scan is only stored locally, it therefore only unlocks one device (presumably you could apply a security policy on the device to stop them adding their fingerprint to another device)
(We actually authenticate the device already, but this could be a more secure way to do it)
se99jmk is offline   0 Reply With Quote
Old Sep 17, 2013, 07:21 AM   #14
MozMan68
macrumors 65816
 
MozMan68's Avatar
 
Join Date: Jun 2010
Location: West Siiiiide of Michigan
Quote:
Originally Posted by Lord Hamsa View Post
Let's rephrase the question - why would a third party app need access to the Touch ID API?

If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

For some high-security applications, I can imagine asking the user to re-authenticate would probably be useful - banking/finance, corporate networks, etc. - but even then, the best that I imagine that an API would give them is the Apple ID of the authenticating user. Tying that to a real person's identity would have to be done somehow. Not impossible, of course, but one more thing to deal with.
What about apps that store passwords...would be nice if they let me use my fingerprint instead of entering a password to get into the app.

There are a ton of apps that require a secondary password to get in...don't you use a banking app?
MozMan68 is offline   0 Reply With Quote
Old Sep 17, 2013, 07:37 AM   #15
Bandit3dgfx
macrumors newbie
 
Join Date: Sep 2013
I think for similar reasons copy/paste took so long - they need to have security and consistency across applications and starting with their own stable of apps is probably hard work enough for the time being.
Bandit3dgfx is offline   0 Reply With Quote
Old Sep 17, 2013, 09:09 AM   #16
ominx
macrumors 6502
 
Join Date: Jun 2010
This is a good read on Touch ID. It explains how secure it really is and that the only data that is relayed to apps is a simple "yes" or "no". In time Touch ID will be fully deployed, however we will need to wait for other key elements to fall into place first.

http://9to5mac.com/2013/09/17/why-to...s-appreciated/
ominx is offline   0 Reply With Quote
Old Sep 17, 2013, 10:35 AM   #17
iBighouse
macrumors regular
 
Join Date: Mar 2012
Here's an interesting read...
http://9to5mac.com/2013/09/17/why-to...ntelligence%29
iBighouse is offline   0 Reply With Quote
Old Sep 17, 2013, 10:55 AM   #18
musika
macrumors 65816
 
musika's Avatar
 
Join Date: Sep 2010
Location: New York
Quote:
Originally Posted by WhackyNinja View Post
Because it's Apple
__________________
I write about lots of things at turtlepie.net.
musika is offline   0 Reply With Quote
Old Sep 17, 2013, 11:28 AM   #19
Jakimo
macrumors 6502
 
Join Date: Apr 2008
Location: Colorado Springs
Here is an excellent article that really gives insight. Apple is playing this out perfectly...

http://www.quora.com/Apple-Secure-En...s-it-important
Jakimo is offline   0 Reply With Quote

Reply
MacRumors Forums > iPhone, iPod and iPad > iOS > iOS 7

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Why does Apple chose to make Touch ID useless? jsnuff1 iPhone 33 Apr 25, 2014 03:28 AM
Apple's Public Relations should make an official Facebook page? rMBP13 Apple, Industry and Internet Discussion 12 Mar 29, 2013 09:40 AM
Apple agrees to return your rMBP? Don't make the mistake I made.. Ccrew MacBook Pro 40 Mar 12, 2013 04:28 PM
Why don't apple make a keyboard the side of the iPad? gladoscc iPad Accessories 5 Oct 8, 2012 10:13 AM
Why don't apple make a display smaller than 27" oxfordguy Mac Peripherals 7 Jul 1, 2012 10:28 AM

Forum Jump

All times are GMT -5. The time now is 12:07 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC