Via the Wall Street Journal, an Apple spokesperson fleshes out some of the finer details surrounding the fingerprint sensor and Touch ID. To use Touch ID, it is mandatory to also set up a passcode. This acts as a fallback in case the fingerprint sensor fails temporarily or experiences a permanent hardware fault. iOS may necessitate a passcode under some other conditions, as well.
Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn’t been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.
By having the sensitive data expire fairly quickly, Apple is hoping that hackers will not have enough time to decrypt the data and have it still be useful. However, the time is long enough that it should not inconvenience users very often.
Apple says testing has shown that although the sensor is substantially better than fingerprint protection systems found in laptops, it will fail occasionally. In particular, Apple points out that moist fingers (such as sweat or residue from creams and lotions) do not work well with the device. The system may also have difficulty reading fingers that have scarred skin. However, as Touch ID can manage up to five fingerprint profiles at a time, Apple notes that customers can still take advantage of the feature by simply using a different finger for recognition.
In addition, Apple reaffirmed that third-party apps currently do not have access to the scanner or any fingerprint profiles saved on the device. Touch ID can only be used for unlocking the phone and as a password replacement for iTunes purchases.
FTC: We use income earning auto affiliate links. More.
Nothing is wiped or expires after 48 hours. It just requires that you use a passcode instead of the touch I.D.
How much you want a bet some group somewhere circumvents the scanner somehow…If you’re going to make tech like this, imho anyways, you need to offer it up to the security community before public release for vulnerability testing.
Who is saying they haven’t? Also, it’s Apple. Even if they haven’t offered it up (which they most likely haven’t for trade secret reasons), I’m sure they can run security tests on their own seeing how much they care about privacy with encryption.
well said colejohnson66
Reblogged this on William's iBlog.
My opinion: If crook found the iPhone 5s it would requires the touch id to whip and restore the iPhone. If the phone get restored, it should still request the touch id. Normally when a crook find the iPhone, they would put the dfu mood by holding home button while the unit restarts. Hopefully apple added a touch id in this section, because if they did it would be worth getting the 5s. Find my iPhone should be active 24 hours even with a wipe, if they can locate the crook, I would be pleased.
Activation Lock in iOS 7 doesn’t allow dfu mode: http://www.imore.com/ios-7-preview-activation-lock-aims-keep-out-crooks
A bit disappointing that touch isn’t available to apps, though I would expect they’re working on it.