Skip to main content

Apple details Fingerprint Sensor/Touch ID security, 48 hour wipe standard

touchid

Via the Wall Street Journal, an Apple spokesperson fleshes out some of the finer details surrounding the fingerprint sensor and Touch ID.  To use Touch ID, it is mandatory to also set up a passcode. This acts as a fallback in case the fingerprint sensor fails temporarily or experiences a permanent hardware fault. iOS may necessitate a passcode under some other conditions, as well.

Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn’t been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.

By having the sensitive data expire fairly quickly, Apple is hoping that hackers will not have enough time to decrypt the data and have it still be useful. However, the time is long enough that it should not inconvenience users very often.

Apple says testing has shown that although the sensor is substantially better than fingerprint protection systems found in laptops, it will fail occasionally. In particular, Apple points out that moist fingers (such as sweat or residue from creams and lotions) do not work well with the device. The system may also have difficulty reading fingers that have scarred skin. However, as Touch ID can manage up to five fingerprint profiles at a time, Apple notes that customers can still take advantage of the feature by simply using a different finger for recognition.

In addition, Apple reaffirmed that third-party apps currently do not have access to the scanner or any fingerprint profiles saved on the device. Touch ID can only be used for unlocking the phone and as a password replacement for iTunes purchases.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Nothing is wiped or expires after 48 hours. It just requires that you use a passcode instead of the touch I.D.

  2. NQZ (@surgesoda) - 11 years ago

    How much you want a bet some group somewhere circumvents the scanner somehow…If you’re going to make tech like this, imho anyways, you need to offer it up to the security community before public release for vulnerability testing.

    • colejohnson66 - 11 years ago

      Who is saying they haven’t? Also, it’s Apple. Even if they haven’t offered it up (which they most likely haven’t for trade secret reasons), I’m sure they can run security tests on their own seeing how much they care about privacy with encryption.

  3. William - 11 years ago

    Reblogged this on William's iBlog.

  4. wrjoissaint - 11 years ago

    My opinion: If crook found the iPhone 5s it would requires the touch id to whip and restore the iPhone. If the phone get restored, it should still request the touch id. Normally when a crook find the iPhone, they would put the dfu mood by holding home button while the unit restarts. Hopefully apple added a touch id in this section, because if they did it would be worth getting the 5s. Find my iPhone should be active 24 hours even with a wipe, if they can locate the crook, I would be pleased.

  5. Jeff DeMaagd - 11 years ago

    A bit disappointing that touch isn’t available to apps, though I would expect they’re working on it.

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.