Originally Posted by TheOtherGeoff
Piling on in agreement. If the former, I think the key aspect is the base security architecture. Right now, there appear to be a lot of linkages about one AppleID per Device, while nothing I've read about the TouchID, and the Secure Enclave says it can't, I'm having a hard time seeing 2 or more distinct individuals (appleIDs) sharing the same device in the TouchID enabled case. And, in (maybe my imagined) theory, I would assume everything would have to be duplicated locally (minimally, all the data spaces for each app... no locally shared music, videos, for example... possibly even each app would have to be duplicated, assuming different AppleIDs are in play). To your point, the Security enclave itself would have multiple separate storages for PINs and fingerprint hashes, and they would have to search both to find which is which... and some security things would have to be common settings (number of failures to remote wipe.... whose phone is it really in FindMyiPhone), which then requires an 'admin' level user... The problem doesn't scale in the 'end to end' security model. The path appears that the Apple model is one person per device (and multiple devices per person). Data in the cloud can be shared, but no local data. And I do think the Security enclave will be base hardware on all 2015 released devices.
If the latter, even that may be less than doable, given a general purpose (non BES only) requirement of being managed by any of the commercial MDMs on the 'work' side, primarily from the Device/User Security union, in particular apps like Safari, Mail, Phone... If I can't separate browsing my corporate HR database in one Safari window, from other browser windows, where a simple (or poorly placed) paste could expose $Ms of breachable records.
I wasn't going to go down that rabbit hole but since we're there… you're correct.
I think Apple could use its Mac OS experience to make an application repository that looks like each installed app is not each Home Screen if the user wants it. This would mean that a user could go to the App Store and download, say, Threes!* at 36MiB but it would appear instantly if another user on the device already had it installed.
I think, like on the Mac, they could use segregated PLIST files and storage, but that would take a change to the app setup as it currently stands. I think all the Mac App Store apps that use iCloud for storage don't have an issue with this. The problem I see is getting all developers to update their apps or for Apple to create an intermediary layer where the app is stored in a clean state and then your data is "side loaded" each time by the system and then removed and saved again before it quits. Both of these seem like a problem to me.
I think the secure enclave could be grown substantially to accommodate more prints without affecting TouchID performance so I'd say this would be the easiest of the options**. I also think Find My iPhone could simply work with multiple accounts on a single device but I wonder if multiple accounts for a single phone number is reasonable.
Bottom line, it's a nice wish but I'd be surprised if it ever actually happens without a lot of changes across the board.
* Threes! is my number one game for going number two.
** Is TouchID's 1 in 50,000 reference to each finger so having 5 fingers is 1 in 10,000, like a 4-digit PIN? If so, then having 5 user accounts with 5 fingers each puts TouchID at 1 in 2,000 chance of a random finger working.