Let’s clear this up. Correctly.
A lot of people are getting panicky over Apple’s fingerprint sensor, TouchID. From Apple-haters to journalists, there’s a lot of crap-talk about why TouchID is quite insecure and how Apple’s assurances about fingerprint-data security are actually weak.
Let’s first understand TouchID in its true context. TouchID is often talked about as a replacement for the passcode, but in reality it’s just a faster way to authenticate wherever a passcode is used. So basically, it’s not a replacement but a quicker way to enter the passcode.
One of the sillier arguments against TouchID that we hear a lot revolves around the recent NSA snooping and how fingerprint data might be leaked to the authorities. Let’s just go back a little and remember that your fingerprint data is all over the place already. The government already has it through a lot of forms, so if the NSA were going to pick up your data, they wouldn’t have to go to Apple for that.
Secondly, what if hackers get into TouchID’s secure enclave within the A7 and lift that data? Re-engineering text/numeric data into a fingerprint image is not possible, according to Apple, and this kind of security is all too common and effective. What happens when you place your finger on the home button is that your fingerprint image is scanned, converted into encrypted data (not an image anymore) and then cross-checked with the encrypted data that exists within the enclave.
The third point of skepticism, and probably the only genuine cause for panic, is this: what if someone can gain access to your iPhone and use a fake fingerprint to authenticate? This is important because The Verge reports that hackers have gained such access.
In this case, the first reasoning would be this: if your iPhone, without TouchID and with only a passcode, gets into the hands of the wrong people, I think that poses an equal risk of data and identity theft. TouchID isn’t the culprit in that scenario.
However, it’s true that if someone gets your iPhone 5s and has a fake copy of your fingerprint that can be used to authenticate the iPhone 5s, things can go bad. Purchases can be made. Data can be accessed. And if you’re so dependent on your iPhone 5s, credit card data might get lifted.
But, by and large, TouchID is actually a positive step forward despite all the hate and skepticism that surrounds it today. It’s a huge step forward in usability and security because succeeding with a fake fingerprint is far less probable than hacking your passcode.