Apple opens Touch ID to third-party applications with iOS 8

Posted:
in iPhone edited September 2014
iPhone security and convenience have both been greatly enhanced by Apple's iOS 8, giving third-party developers the ability for the first time to utilize the secure Touch ID fingerprint sensor.




In order to take advantage of the new system-wide Touch ID capabilities in iOS 8, users don't need to do much of anything. In fact, it's developers who must update their software to take advantage of the new tools in iOS 8.

A handful of compatible apps secured by Touch ID are already available on the App Store, and undoubtedly many more will continue to populate Apple's digital download destination in the days and weeks to come as developers update their software.

From our early tests, some applications require users to enable a passcode or Touch ID support in the settings. Others, however, work by default and seek a fingerprint scan automatically once updated through the App Store.

Apple has kept Touch ID secure by not providing apps access to any of the fingerprint data stored on an iPhone's secure enclave. The prompt that appears is the same as the one Apple already uses to authorize iTunes and App Store purchases.




Users also have the option of bypassing the fingerprint scan and entering their lock screen password if they so choose.

Because the fingerprint data is not actually shared with the app, there is no centralized list in the iOS 8 Settings application of software that supports Touch ID security. In the "Touch ID & Passcode" section of Settings, users can only control Touch ID access for iPhone unlocking and iTunes and App Store purchases, leaving individual third-party apps to offer their own Touch ID settings to users.

In addition, Touch ID remains limited to five saved finger scans in iOS 8. Users can enhance security by disabling a simple passcode in Settings, and can also disable access to lockscreen features such as Siri and Passbook.

All this is to say that there is no enhanced customization available to developers who tap into Touch ID: Any of the five authorized fingerprints stored in an iPhone's secure enclave can be used to authorize access to an app. There are no fingerprint combination options, or the ability to add any more or unique prints.

Touch ID is currently only available on the iPhone 5s, but it will also be included with the iPhone 6 and iPhone 6 Plus when they become available this Friday.
«1

Comments

  • Reply 1 of 21
    Where iOS 8 at?
  • Reply 2 of 21
    my over/under is noon PT... and I'm betting the over (given the latest news there are issues with health kit)
  • Reply 3 of 21
    my over/under is noon PT... and I'm betting the over (given the latest news there are issues with health kit)

    I'm going to wait a day or two before installing the update.
  • Reply 4 of 21
    rogifanrogifan Posts: 10,669member
    And according to MacRumors there are issues with HealthKit and HealthKit compatible apps have been pulled from the App Store.
  • Reply 5 of 21

    Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.

    If they can open this to developers, why not ?Pay? 

    If something goes wrong... Apple's reputation gets spoiled irreversibly. 

  • Reply 6 of 21
    gatorguygatorguy Posts: 20,012member
    rogifan wrote: »
    And according to MacRumors there are issues with HealthKit and HealthKit compatible apps have been pulled from the App Store.

    Yeah, just read that. A little surprising this far into it, but better to delay and fix it now.
  • Reply 7 of 21
    rogifanrogifan Posts: 10,669member
    gatorguy wrote: »
    Yeah, just read that. A little surprising this far into it, but better to delay and fix it now.
    Question is, is this a major issue or something that gets blown out of proportion by Apple rumor sites tripping over each other to get new stuff up on their site. So far both the stories from 9to5Mac and MacRumors include tweets from one developer and nothing from Apple.
  • Reply 8 of 21
    rob55rob55 Posts: 1,254member
    Quote:
    Originally Posted by Chandra69 View Post

     

    Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.

    If they can open this to developers, why not ?Pay? 

    If something goes wrong... Apple's reputation gets spoiled irreversibly. 


     

    Based on your comment, it doesn't sound like you fully understand what Apple has opened up to 3rd party developers. The 3rd party apps are not accessing the enclave, they're just using the Touch ID sensor to tell the system it's you, and then the system provides they necessary login info to the app. At least that's how I understand it. And to clarify, based on dugbug's post, the "system" I'm referring to is the Touch ID system, not the OS.

  • Reply 9 of 21
    Quote:
    Originally Posted by Chandra69 View Post

     

    Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.

    If they can open this to developers, why not ?Pay? 

    If something goes wrong... Apple's reputation gets spoiled irreversibly. 


     

    1. develpers just get a yes/no that login should be allowed.  The OS itself does not even have access.  There is no software access in any way...

    2. Applepay is open to developers, there is an applepay api.  This was discussed in the keynote along with a sample UBER app used to pay with applepay in-app.

    3.  The fingerprint data in the enclave is only a mathematical signature salted with the device id.  it is not an actual fingerprint (in case someone was thinking that)

  • Reply 10 of 21
    Quote:

    Originally Posted by TheOtherGeoff View Post



    my over/under is noon PT... and I'm betting the over (given the latest news there are issues with health kit)

    The update is available now. Just checked my phone. 

  • Reply 11 of 21
    rob55rob55 Posts: 1,254member
    Quote:

    Originally Posted by Chandra69 View Post

     

    Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.

    If they can open this to developers, why not ?Pay? 

    If something goes wrong... Apple's reputation gets spoiled irreversibly. 


     

    Here's a good explanation over at Macworld. http://www.macworld.com/article/2455474/open-sesame-how-ios-8-will-unlock-touch-ids-power.html

  • Reply 12 of 21

    Anyone else bummed about this implementation?

     

    I share don't mind sharing my phone. I've added my fiancee's fingerprint to TouchID and she also knows my password. I also occasionally don't mind telling close friends my phone's password so they can look casually use apps and games. However, I passcode protect certain apps in my phone (Lastpass, Evernote, Goodreader, Dropbox, and almost every other app that offers it) so I know I am the only person with access, and I can lend my phone out in confidence.

     

    If anyone with my password can bypass the new TouchID authentication with the same code that is used to unlock the phone, why bother at all with third party access to TouchID. Just leave everything open. Once they unlock the phone with the password, the same password can be used to access/use every other app/extension with TouchID. Am I missing something?

     

    I would have liked to have seen application give the ability to use either TouchID or the apps old custom password protection, like my full Lastpass password. Even better, also allow the app to choose which saved fingers can be used.

     

    As much as I love seeing TouchID open to third parties, I don't think I will be using this with Mint, LastPass, Banks, etc.

  • Reply 13 of 21
    Originally Posted by jond View Post

    If anyone with my password can bypass the new TouchID authentication with the same code that is used to unlock the phone, why bother at all with third party access to TouchID.



    Because you’re not supposed to give people your password. ???? ???????

  • Reply 14 of 21

    Quote:


    Originally Posted by Tallest Skil View Post

     



    Because you’re not supposed to give people your password. ???? ???????


     

     

    Fair point.

     

    But answer me this, why do apps like Evernote, Dropbox, Goodreader, Mint, and many others offer the ability set a custom passwords?

  • Reply 15 of 21
    rob55rob55 Posts: 1,254member
    Quote:

    Originally Posted by jond View Post

     

    Anyone else bummed about this implementation?

     

    ...I would have liked to have seen application give the ability to use either TouchID or the apps old custom password protection, like my full Lastpass password. Even better, also allow the app to choose which saved fingers can be used.

     


     

    I do believe you can specify which Touch-ID enabled apps are actually allowed to use the Touch ID feature. Of course, I don't believe there's a way to give you exclusive Touch ID access to certain apps with your fiancee's print also in the enclave. It would be kind of interesting to have certain fingers for certain apps. I would use my middle finger for Google-related apps.

  • Reply 16 of 21
    Originally Posted by jond View Post

    But answer me this, why do apps like Evernote, Dropbox, Goodreader, Mint, and many others offer the ability set a custom passwords?




    For a second layer of security against theft. Streaming media services do the same; it’s nothing special.

  • Reply 17 of 21

    Quote:


    Originally Posted by Rob55 View Post

     

     

    I do believe you can specify which Touch-ID enabled apps are actually allowed to use the Touch ID feature. Of course, I don't believe there's a way to give you exclusive Touch ID access to certain apps with your fiancee's print also in the enclave. It would be kind of interesting to have certain fingers for certain apps. I would use my middle finger for Google-related apps.


     

    While it would be nice, I understand why it would be too much to expect them to incorporate having another person's print in the enclave. I know that is not intended use case.

     

    Quote:

    Originally Posted by Tallest Skil View Post

     



    For a second layer of security against theft. Streaming media services do the same; it’s nothing special.


     

    Well, with this implementation, that second layer is removed and ineffective if you enable TouchID in that app.

     

    Is it the end of the world? No. It just means I won't be using where it would be most convenient.

  • Reply 18 of 21
    gatorguygatorguy Posts: 20,012member
    rogifan wrote: »
    Question is, is this a major issue or something that gets blown out of proportion by Apple rumor sites tripping over each other to get new stuff up on their site. So far both the stories from 9to5Mac and MacRumors include tweets from one developer and nothing from Apple.
    Well, if there's no 3rd party Healthkit apps available for new iOS8 users today it might point to an Apple feature issue rather than an app or two being problematic.
  • Reply 19 of 21
    jond wrote: »
    Well, with this implementation, that second layer is removed and ineffective if you enable TouchID in that app.

    Is it the end of the world? No. It just means I won't be using where it would be most convenient.
    It's up to the developer whether to still require custom passwords or not which they will in fact do if their users request it.
  • Reply 20 of 21
    Quote:

    Originally Posted by Chandra69 View Post

     

    If they can open this to developers, why not ?Pay? 


    As I understand it, Apple Pay IS available to developers. It's "raw NFC" that is not available - at least, not yet.

Sign In or Register to comment.