updated 07:30 pm EDT, Wed September 11, 2013
Passcode still required as fallback, used if finger not ID'd within 48 hours
More details have emerged about Apple's Touch ID system, built into the home button of the forthcoming iPhone 5s. The company has confirmed that the devices doesn't store an actual image of the user's fingerprints, for example, and further revealed that a basic passcode is required to be set up as a fallback before users can set up one or more fingerprints that can be used to unlock the iPhone 5s or make iTunes Store purchases. The ID data, as the company said on Tuesday, remains locally-stored and encrypted.
Many iOS device owners already use a passcode to unlock their devices, along with services such as Find My iPhone to help deter thieves -- however, Apple's own research showed that around half of users had no such protections, a factor in making the iPhone one of the most prized among stolen objects. Apple hopes that the fingerprint technology will encourage users to set up security options, as well as make the iPhone less desirable to thieves, who can quickly reformat and "flip" iPhones in some cases before technologies like Find My iPhone can track the device.
Apple is also bringing another anti-theft technology to the iPhone with the release of iOS 7, called Activation Lock that will help protect all iOS 7-running iPhone models. It prevents a thief or miscreant from changing or erasing the iPhone, or deactivating Find My iPhone tracking without knowing the owner's passcode. The iPhone also cannot be reactivated by a carrier, even after the SIM card has been changed, without a passcode.
The system used by Apple for Touch ID should mean that even if someone found a way to crack the encryption in the chip (which would require physical access), they wouldn't be able to reconstruct someone's fingerprint. The company revealed that having at least a four-digit passcode is required to use the fingerprint technology as a fallback in case of malfunction (or obstructions that the reader can't handle, like unusual amounts of dirt or sweat). If the iPhone hasn't been rebooted or unlocked for 48 hours, the passcode must be used to unlock the device -- a move Apple hopes will block hackers with physical access from having enough time to find a way to circumvent the fingerprint scanner, for example by disabling it.
It should go without saying, but a company spokesman told the Wall Street Journal that fingers used for the Touch ID process should be clean and avoid having significant sweat, lotion or other liquids on them at the time. Scarred or damaged fingers will also have a lower success rate, but users can make another digit the default in those cases. The system supports profiles of several fingerprints from the same user or from alternate users.
Despite the many possible options fingerprint scanning makes available -- like e-commerce or multiple iOS user accounts on a single device -- for the present the company will focus only on unlocking and iTunes Store purchase authorizations. It does not plan to allow third-party developers access to the technology in the near-term, and may never allow it, according to SVP of Worldwide Marketing Phil Schiller.
The technology is seen as a significant improvement on existing fingerprint scanners, many of which require users to swipe fingers repeatedly along a path. Reliability of recognition has been a major hindrance in the mainstream acceptance of biometric scanners until now, but various hands-on video demonstrations of the iPhone 5s's implementation seem to reinforce Apple's claim that the technology works well and is extremely easy to set up.