Apple - Is it safe to let apps use Touch ID on an iOS device?

The application does not have access to the fingerprint data stored on the device. The API provided by Apple tells the app if the auth process was successful by a simple yes/no value. No hash is provided. Here's the documentation.

Also the fingerprint data is stored in the device's "Secure Enclave" and is not accessible.

The Secure Enclave is part of the A7 and newer chips used for Touch ID. Within the Secure Enclave, the fingerprint data is stored in an encrypted form which - according to Apple - can only be decrypted by a key available by the Secure Enclave thus making fingerprint data walled off from the rest of the A7 Chip and the rest of iOS.

Source: The iPhone Wiki


Yes, it is perfectly safe to use Touch ID on iPhone.

Apps that uses Touch ID does not have access to your fingerprint, nor any hash generated from your fingerprint. The app does not actually process the fingerprint matching itself, rather, it calls the Touch ID API (system) which will then send the result back to the app. So, all the app will receive is either true or false, depending on whether it is successful.

Thus, the app does not need to have access to any kind of hash and the whole Touch ID process is done by your iPhone's system (iOS), similar to how you unlock your phone with Touch ID.

As 9to5mac explains:

When a developer wants an app user to authenticate, they don’t get involved in the nitty-gritty of how that authentication is performed. They just use code that asks iOS to do it for them – what Apple calls the Local Authentication framework.

(emphasis mine)

And AppleInsider explains:

Apple has kept Touch ID secure by not providing apps access to any of the fingerprint data stored on an iPhone's secure enclave. The prompt that appears is the same as the one Apple already uses to authorize iTunes and App Store purchases.

(emphasis mine)


Yes - it's totally safe.

Your Touch ID data is stored locally on your device and isn't accessible by Apple or any other 3rd parties.

When you use Touch ID for a 3rd party app for example, it will authorise your access locally and the app will not see your fingerprint data, only that your iPhone has authorised it.

I personally use Touch ID for my PayPal app as well as a few other trustable services.

(If you're worried, maybe don't use it for companies you don't fully trust - even though it's physically impossible for them to see your Touch ID data.)

Tags:

Ios

Security

Touch Id

Related

Apple - What external monitor to buy that has same clarity as the MacBook? Apple - "Unknown Error = -2,147,414,007" on creating certificate with Certificate Assistant Apple - SMB share deadlocks since High Sierra Apple - How can I stop Parallels Desktop from listing Apps from a VM available in Spotlight? Apple - Reduce the storage space taken up by "System" on my iPhone 6s without restoring and setting up iPhone as new Apple - Is there a way to see System Information before first user is added? Apple - Disable HiDPI resolution Apple - How to view all login history in MacOS High Sierra Apple - Safe to kill spindump? (Older/slower machines) Apple - macOS partition disappered after installing windows 10 using bootcamp Apple - How to remove flashlight from iPhone X lock screen? Apple - How to launch pf at startup?

Recent Posts