iPhone Why don't Apple make Touch ID a public API?

Discussion in 'iOS 7' started by inselstudent, Sep 16, 2013.

  1. macrumors 6502a

    Jul 27, 2012
    I know about all the security concerns people have with the fingerprint scanner, but are there any reasons why Apple don't make it public, so that all apps can choose to require the fingerprint rather than an ordinary password? I'm more than certain it could be done without compromising the users' personal data security (in this case, their fingerprint) more than it already is. Other apps would only send a request to touch ID whether or not the fingerprint is the correct one. There wouldn't be any harm done.

    My point is, if you sell a device with such a nifty feature, why not make it actually usable in more ways than just to unlock your phone? I have a banking app, an app where I store passwords, and Amazon and eBay aren't exactly shy to request a password each time I use the apps, either.

    So what are your thoughts on this? Just as an option. Or am I missing something?
  2. macrumors 68000


    Jun 29, 2010
    Right here...
    Because, just by SAYING that third party apps will now be able to USE the fingerprint scanning capability with their own apps, will have people erroneously jumping to the conclusion that they will have some sort of access to the encrypted data associated with it.

    Apple is already being extremely cautious about it with their own software/hardware. No reason to freak people out more at this point before it is even available.

    Trust will come with time and then we will see...
  3. macrumors 68000


    Jul 6, 2012
    Kissimmee, FL
  4. macrumors 604


    Jun 30, 2007
    Also because it is quasi beta. Apple can experiment using it's own money (store) but to open it up out the gate and find it has problems would be a nightmare.

    Probably see an API next year if it passes all tests.
  5. macrumors 65816

    Jan 27, 2012
    What do 3rd party apps need API for if apple does iCloud Keychain properly? If Apple connects keychain to FP scanner right, this could revolutionize how we authenticate ourselves. No need for 3rd party apps to be involved at all. I don't trust apple 100% but do trust them more than some low tier app dev.
  6. macrumors 68020


    Nov 30, 2004
    Toronto, ON
    It'll come with iCloud keychain. All your passwords will be stored in the keychain and accessing it will be a system level authentication. Keychain was removed from the GM without explanation but its probably because Apple wants to introduce it with Mavericks so that they're cross compatible. Generating a random complex password in keychain on your iPhone is useless if you cant then log into websites on your Mac.
  7. macrumors 603

    Feb 4, 2008
    It's a brand new feature that could not possibly be tested on the scale required to make sure it's secure enough to open it up in an API. Worst thing that happens right now is someone can unlock your phone or make a ton of iTunes purchases. Remember the bugs in Maps last year? Well, imagine such a bug with Touch ID.
  8. macrumors 603


    Nov 5, 2009
  9. macrumors 65816

    Jan 27, 2012
    Exactly. No way would I put credit card numbers and the like on the keychain until apple is dead certain it's perfect.

    If they get the keychain/ FP scanner done right, I'll upgrade my 5 to the 5s just for that right there. Until then, I'm fine watching them make progress.
  10. macrumors 68020

    Oct 18, 2009
    Belfast, Ireland
    FWIW the keychain doesn't store the security code on the back of the card, so it's pretty useless to anyone who gets the details.
  11. thread starter macrumors 6502a

    Jul 27, 2012
    Oh I didn't know they said that. All I remembered from the keynote was that their "team also figured out another way to make use of touch ID", and that was making iTunes purchases, so I had the feeling that was all they'd ever planned for it. But if they're gonna implement it at some point anyway, then I'm all good with it. I wasn't going to buy a 5s anyway, though that's partly due to the limited functionality of touch ID :) thanks for all the replies btw
  12. macrumors 6502a

    Jul 16, 2013
    Let's rephrase the question - why would a third party app need access to the Touch ID API?

    If you assume (and granted it is an assumption, but a pretty solid one) that any app user who would want to authenticate with Touch ID is already using Touch ID for controlling access. That means if the phone is unlocked, it is already authenticated.

    For most purposes, that's sufficient. Anyone who can unlock the phone has full use of the apps and stored passwords on that phone, so the Touch ID acts as the "master lock" for the whole device.

    For some high-security applications, I can imagine asking the user to re-authenticate would probably be useful - banking/finance, corporate networks, etc. - but even then, the best that I imagine that an API would give them is the Apple ID of the authenticating user. Tying that to a real person's identity would have to be done somehow. Not impossible, of course, but one more thing to deal with.
  13. macrumors member

    Jun 11, 2012
    Well, I can think of some reasons:

    1) For our app, we provide document security. Many of our clients have a BYOD policy so IT departments may not be able to secure the device, but they can secure our app specifically.
    IT technically don't care if your Angry Birds score gets out, as long as they have some peace of mind that the documents are secure.

    2) The app has it's own 'soft lock' (app lock separate from the entire device lock), and we could use this to authenticate the soft lock.

    3) We could use this for two-factor authentication - A manual typed in password combined with a fingerprint scan

    4) restricting device sharing - A password set on the server can be used on multiple devices, but as the fingerprint scan is only stored locally, it therefore only unlocks one device (presumably you could apply a security policy on the device to stop them adding their fingerprint to another device)
    (We actually authenticate the device already, but this could be a more secure way to do it)
  14. macrumors 68000


    Jun 29, 2010
    Right here...
    What about apps that store passwords...would be nice if they let me use my fingerprint instead of entering a password to get into the app.

    There are a ton of apps that require a secondary password to get in...don't you use a banking app?
  15. macrumors newbie

    Sep 5, 2013
    I think for similar reasons copy/paste took so long - they need to have security and consistency across applications and starting with their own stable of apps is probably hard work enough for the time being.
  16. macrumors 6502

    Jun 23, 2010
  17. macrumors 6502a


    Mar 11, 2012
  18. macrumors 65816


    Sep 2, 2010
    New York
  19. macrumors 6502

    Apr 25, 2008
    Colorado Springs

Share This Page