Why do mobile devices force user to type password after reboot?
First:
- password is used to get access to the full disk encryption key
- fingerprint is used to unlock the screen (of an already "decrypted" device)
Encryption key retrieval must be:
- accurate - on each entry, the device must transform the password through a key-derivation function into the one and only correct encryption key, otherwise the device won't be able to decrypt the data
- secure - derived through a one-way function, not "unlocked" by comparing data provided by a user with a pattern stored on the device
Fingerprint recognition does not meet the above requirements, it is:
- fuzzy - on each press the sensor provides the device an approximate image of a part of a fingerprint which is matched at a certain accuracy; on each verification attempt the actual data differs due to different position, skew, press strength
- non-secure - recognition is performed by comparing the actual fingerprint with the data stored on the device - this data must be both readable and modifiable which makes it vulnerable to an attacker
Because the fingerprint is only used for authentication, while the password is also used for encryption, and these are distinct processes with very different requirements.
As you probably know, the primary function of a lockscreen is to make sure that the person accessing your device is you. This is called authentication. If someone inserts the correct pin / password / fingerprint on a lockscreen, the device knows that that person is probably you, and grants you access to the system.
Besides authentication, the screen that asks you for your password when you boot up your phone also serves a different purpose. Modern phones feature something called Disk Encryption. This means that all the user data stored on the device is protected by a encryption algorithm.
When using a properly implemented disk encryption, given just the phone's storage, no one can access your data - not even the device itself! The kind of symmetric encryption used for this purpose uses a secret key, and this key is never stored by the device, for security purposes. Instead, the device must be told the correct key in order to access your data.
Now, because of the nature of this algorithm, a secret key needs to have some important properties:
- It must be long
- It must be exact. A key that is almost exactly the same as the secret key is completely useless
Unfortunately, it turns out that systems based on biometrics, such as a fingerprint reader, don't fulfill these properties. The amount of information provided by them is usually small and inexact.
This is the reason you need to enter your password - it's the only mechanism that we know of that properly fulfills the requirements. This is done by feeding your password through a key derivation function.
After booting up and being told your password, the phone keeps the derived encryption key in its volatile memory, so it doesn't need to ask for it again - only authenticate you. This has some disadvantages, such as making it vulnerable to a cold boot attack, but it's considered a good compromise between security and usability
AFAIK, at boot time you first have to unlock the SIM card, which requires a numeric password. Next operations just unlock the screen and for that part you have different authentication methods (not all are implemented on all devices):
- numeric or alphanumeric password
- fingerprint
- gesture
- nothing (screen is unlocked by simply moving a finger on it)
All those methods are directly processed by the phone, but the first is processed by the SIM card itself, and as it is far less powerfull than the phone, it accepts only a numeric password. Of course, the phone could certainly intercept the code but it would look like a man in the middle attack, and neither phone manufacturers, nor OS providers have wanted to implement it.