Touch ID gives developers a sixth sense

iOS 8 in context

This post is an excerpted chapter from the iOS 8 in context ebook.

In previous years, Apple’s keynote at its annual Worldwide Developers Conference has been the platform for the introduction of consumer-facing products and features, including the iPhone 4 in 2010 and iOS 7 in 2013. But this year’s conference was different—the final third of Apple’s presentation addressed almost zero consumer features. Instead, Cook and his team fulfilled thousands of developers’ wish lists to the sound of thunderous applause. While non-developers might have been itching for a glimpse of this fall’s anticipated new iPhones, little did they know that these additions to iOS will have a greater impact on their everyday lives than any flashy new hardware or buzz-worthy new feature.

If the redesign in iOS 7 was a fresh paint job, iOS 8 will be an entirely new engine. This is iOS 8 in context.

Touch ID

The iPhone home button is sacrosanct—the singular concave button has served as a navigation nexus for iOS users since its introduction in 2007. It was the iPhone’s guiding star, and provided early adopters of the world’s smartest phone an escape hatch from the device’s fullscreen applications. As time progressed and Apple iterated its flagship handset, each new banner feature arrived built on top of the home button and a new way to interface with it. Double-clicking the home button allowed for multitasking in iOS 4 in 2010, and holding down the iPhone 4s home button introduced Siri in 2011’s iOS 5. (Even this year, a gentle double-tap unlocks the iPhone 6 and 6 Plus “Reachability” shortcut, which pulls down the top of the screen to allow one-handed access to apps’ top-most buttons.)

But the modest home button saw its most significant reinvention in 2013, when Apple introduced a digital fingerprint sensor integrated into the iPhone 5s home button. Called “Touch ID,” the new replacement for iOS lock screen pass codes served as the device’s primary differentiator from its little brother, the iPhone 5c, which was released the same year and saw widespread adoption. It replaced the home button’s familiar gray “app outline” glyph with a minimal chrome ring and a flat sapphire crystal disc, forever altering the iPhone front panel’s aesthetic and informing design choices on other devices that followed.

Touch ID initially allowed users to unlock their devices with a simple scan of their fingerprint, and even included authentication for purchases from the iTunes or App Stores, a task which previously necessitated typing a lengthy Apple ID password. While these capabilities kept Touch ID from feeling gimmicky, it still wasn’t living up to its full potential—what about the passwords users have to routinely type for their banking apps, social networks, and online transactions? This year, Apple is opening Touch ID access to developers in iOS 8, and the impact is going to transform the way iOS users think about security on their devices.

How Touch ID works

The moment iOS customers begin setting up their iPhone 5s or iPhone 6, the operating system walks them through Touch ID configuration out of the box. By repeatedly placing their primary fingers on the Touch ID home button sensor, the device gets a full picture of the finger’s outer layers of skin and records a detailed image of the user’s fingerprint. The iPhone stores this image in a secure location on the iPhone’s A7 or A8 system-on-a-chip, and never transmits fingerprint data over the internet or sends images to remote servers. Later, iPhone users can record additional fingerprints for their other thumb or index fingers, enabling a seamless unlock from any angle or orientation.

When users place their fingertips on the Touch ID home button, the capacitive stainless steel ring identifies the contact and signals the iPhone’s fingerprint sensor to begin scanning. It cross-references the image with one stored in the iPhone’s on-board secure location—much like the behavior for Apple Pay’s “Secure Element”—and signals the operating system to unlock the device or begin downloading iTunes content. Until today, that was the extent of the sensor’s capabilities—but its potential has always seemed limitless.

Fingerprint authentication is infinitely more secure than a traditional password string, and protects user data behind an impassible lock screen barrier. “Touch ID is a huge boon for security,” said Punchkick iOS developer John Norton, “because your fingerprint is impossible to ‘guess,’ unlike a string of letters and numbers.” As users struggle to memorize passwords and juggle to keep track of their various accounts, third-party solutions like 1Password have arisen to fill the memory gap. Apple, too has invested in password centralization solutions in recent versions of Safari. But the promise of Touch ID could move beyond passwords altogether. “Safari has gotten close to completely hiding authentication information with iCloud Keychain,” Punchkick engineer J.C. Subida said, “but Touch ID takes it to a completely different level.”

Tapping into Touch ID

In iOS 8, Apple opened access to the Touch ID sensor to third-party developers, meaning that some of these pass codes and sign-in screens will become things of the past in short order. Now, iOS can relay Touch ID authentication confirmation to apps beyond the lock screen and Apple’s own digital storefronts. Dozens of top-tier developers have already updated their apps to take advantage of Touch ID, and it’s expected that thousands more will follow in coming weeks.

“I’m really excited about Touch ID,” continued John Norton. “It’s one of those things I didn’t really think about, but it’s going to be crazy-huge. Now that you can use Touch ID for third-party apps that require any kind of password authentication, you’re going to see it everywhere.”

Allowing access to the Touch ID sensor comes as no surprise considering Apple’s recent introduction of its Apple Pay mobile payments system. On top of allowing for secure in-store transactions, Apple Pay enables developers to accept payments in-app using the Touch ID sensor as an authentication element, and will encourage an entirely new class of mobile e-commerce applications. But Touch ID’s ambition stretches beyond dollar signs—one-step secure authentication could fundamentally transform how users connect with their phones.

“I’m looking forward to Touch ID,” said J.C. Subida, “because it’s one less password for users to remember. If people can just use their fingertip to log into apps that require authentication, they won’t have to worry about forgetting their login credentials anymore.”

As developers work to update their apps to take advantage of new capabilities in iOS 8, Touch ID will surely be among their primary focuses. Now that apps can identify a singular user and securely connect them to authenticated transactions, mobile e-commerce fraud could be a problem Apple is able to nip in the bud. As the iOS ecosystem continues to expand and evolve, Touch ID could be the authentication currency that replaces the tired “username-and-password” altogether.