Apple opens Touch ID to third-party applications with iOS 8
iPhone security and convenience have both been greatly enhanced by Apple's iOS 8, giving third-party developers the ability for the first time to utilize the secure Touch ID fingerprint sensor.
In order to take advantage of the new system-wide Touch ID capabilities in iOS 8, users don't need to do much of anything. In fact, it's developers who must update their software to take advantage of the new tools in iOS 8.
A handful of compatible apps secured by Touch ID are already available on the App Store, and undoubtedly many more will continue to populate Apple's digital download destination in the days and weeks to come as developers update their software.
From our early tests, some applications require users to enable a passcode or Touch ID support in the settings. Others, however, work by default and seek a fingerprint scan automatically once updated through the App Store.
Apple has kept Touch ID secure by not providing apps access to any of the fingerprint data stored on an iPhone's secure enclave. The prompt that appears is the same as the one Apple already uses to authorize iTunes and App Store purchases.
Users also have the option of bypassing the fingerprint scan and entering their lock screen password if they so choose.
Because the fingerprint data is not actually shared with the app, there is no centralized list in the iOS 8 Settings application of software that supports Touch ID security. In the "Touch ID & Passcode" section of Settings, users can only control Touch ID access for iPhone unlocking and iTunes and App Store purchases, leaving individual third-party apps to offer their own Touch ID settings to users.
In addition, Touch ID remains limited to five saved finger scans in iOS 8. Users can enhance security by disabling a simple passcode in Settings, and can also disable access to lockscreen features such as Siri and Passbook.
All this is to say that there is no enhanced customization available to developers who tap into Touch ID: Any of the five authorized fingerprints stored in an iPhone's secure enclave can be used to authorize access to an app. There are no fingerprint combination options, or the ability to add any more or unique prints.
Touch ID is currently only available on the iPhone 5s, but it will also be included with the iPhone 6 and iPhone 6 Plus when they become available this Friday.
In order to take advantage of the new system-wide Touch ID capabilities in iOS 8, users don't need to do much of anything. In fact, it's developers who must update their software to take advantage of the new tools in iOS 8.
A handful of compatible apps secured by Touch ID are already available on the App Store, and undoubtedly many more will continue to populate Apple's digital download destination in the days and weeks to come as developers update their software.
From our early tests, some applications require users to enable a passcode or Touch ID support in the settings. Others, however, work by default and seek a fingerprint scan automatically once updated through the App Store.
Apple has kept Touch ID secure by not providing apps access to any of the fingerprint data stored on an iPhone's secure enclave. The prompt that appears is the same as the one Apple already uses to authorize iTunes and App Store purchases.
Users also have the option of bypassing the fingerprint scan and entering their lock screen password if they so choose.
Because the fingerprint data is not actually shared with the app, there is no centralized list in the iOS 8 Settings application of software that supports Touch ID security. In the "Touch ID & Passcode" section of Settings, users can only control Touch ID access for iPhone unlocking and iTunes and App Store purchases, leaving individual third-party apps to offer their own Touch ID settings to users.
In addition, Touch ID remains limited to five saved finger scans in iOS 8. Users can enhance security by disabling a simple passcode in Settings, and can also disable access to lockscreen features such as Siri and Passbook.
All this is to say that there is no enhanced customization available to developers who tap into Touch ID: Any of the five authorized fingerprints stored in an iPhone's secure enclave can be used to authorize access to an app. There are no fingerprint combination options, or the ability to add any more or unique prints.
Touch ID is currently only available on the iPhone 5s, but it will also be included with the iPhone 6 and iPhone 6 Plus when they become available this Friday.
Comments
I'm going to wait a day or two before installing the update.
Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.
If they can open this to developers, why not ?Pay?
If something goes wrong... Apple's reputation gets spoiled irreversibly.
Yeah, just read that. A little surprising this far into it, but better to delay and fix it now.
Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.
If they can open this to developers, why not ?Pay?
If something goes wrong... Apple's reputation gets spoiled irreversibly.
Based on your comment, it doesn't sound like you fully understand what Apple has opened up to 3rd party developers. The 3rd party apps are not accessing the enclave, they're just using the Touch ID sensor to tell the system it's you, and then the system provides they necessary login info to the app. At least that's how I understand it. And to clarify, based on dugbug's post, the "system" I'm referring to is the Touch ID system, not the OS.
Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.
If they can open this to developers, why not ?Pay?
If something goes wrong... Apple's reputation gets spoiled irreversibly.
1. develpers just get a yes/no that login should be allowed. The OS itself does not even have access. There is no software access in any way...
2. Applepay is open to developers, there is an applepay api. This was discussed in the keynote along with a sample UBER app used to pay with applepay in-app.
3. The fingerprint data in the enclave is only a mathematical signature salted with the device id. it is not an actual fingerprint (in case someone was thinking that)
my over/under is noon PT... and I'm betting the over (given the latest news there are issues with health kit)
The update is available now. Just checked my phone.
Even though the finger print digi-data is saved on secured enclave on a chip, I am not so happy and sure about opening this to all developers.
If they can open this to developers, why not ?Pay?
If something goes wrong... Apple's reputation gets spoiled irreversibly.
Here's a good explanation over at Macworld. http://www.macworld.com/article/2455474/open-sesame-how-ios-8-will-unlock-touch-ids-power.html
Anyone else bummed about this implementation?
I share don't mind sharing my phone. I've added my fiancee's fingerprint to TouchID and she also knows my password. I also occasionally don't mind telling close friends my phone's password so they can look casually use apps and games. However, I passcode protect certain apps in my phone (Lastpass, Evernote, Goodreader, Dropbox, and almost every other app that offers it) so I know I am the only person with access, and I can lend my phone out in confidence.
If anyone with my password can bypass the new TouchID authentication with the same code that is used to unlock the phone, why bother at all with third party access to TouchID. Just leave everything open. Once they unlock the phone with the password, the same password can be used to access/use every other app/extension with TouchID. Am I missing something?
I would have liked to have seen application give the ability to use either TouchID or the apps old custom password protection, like my full Lastpass password. Even better, also allow the app to choose which saved fingers can be used.
As much as I love seeing TouchID open to third parties, I don't think I will be using this with Mint, LastPass, Banks, etc.
Because you’re not supposed to give people your password. ???? ???????
Quote:
Because you’re not supposed to give people your password. ???? ???????
Fair point.
But answer me this, why do apps like Evernote, Dropbox, Goodreader, Mint, and many others offer the ability set a custom passwords?
Anyone else bummed about this implementation?
...I would have liked to have seen application give the ability to use either TouchID or the apps old custom password protection, like my full Lastpass password. Even better, also allow the app to choose which saved fingers can be used.
I do believe you can specify which Touch-ID enabled apps are actually allowed to use the Touch ID feature. Of course, I don't believe there's a way to give you exclusive Touch ID access to certain apps with your fiancee's print also in the enclave. It would be kind of interesting to have certain fingers for certain apps. I would use my middle finger for Google-related apps.
But answer me this, why do apps like Evernote, Dropbox, Goodreader, Mint, and many others offer the ability set a custom passwords?
For a second layer of security against theft. Streaming media services do the same; it’s nothing special.
Quote:
I do believe you can specify which Touch-ID enabled apps are actually allowed to use the Touch ID feature. Of course, I don't believe there's a way to give you exclusive Touch ID access to certain apps with your fiancee's print also in the enclave. It would be kind of interesting to have certain fingers for certain apps. I would use my middle finger for Google-related apps.
While it would be nice, I understand why it would be too much to expect them to incorporate having another person's print in the enclave. I know that is not intended use case.
For a second layer of security against theft. Streaming media services do the same; it’s nothing special.
Well, with this implementation, that second layer is removed and ineffective if you enable TouchID in that app.
Is it the end of the world? No. It just means I won't be using where it would be most convenient.
If they can open this to developers, why not ?Pay?
As I understand it, Apple Pay IS available to developers. It's "raw NFC" that is not available - at least, not yet.