Thursday, September 12, 2013

iPhone 5S: Sacrificing your fingerprint privacy with Touch ID?

The iPhone 5S is an improvement over the iPhone 5 in many aspects. However, the Touch ID fingerprint reader which can be used instead of PIN codes definitely raises some privacy and security concerns. Considering the recent chain of events involving the NSA, the question is if you are ready to potentially give up your control and privacy of your biometric data.

best iphone fingerprint touch id app
As expected, the iPhone 5S and iPhone 5C were revealed during the Apple Event on September 10, 2013. The iPhone 5S, as the name suggests, is an improved iPhone 5 which has been significantly improved under the hood and includes the new 64-bit A7 CPU architecture, a dedicated M7 motion co-processor and an improved camera which is much more responsive due to dedicated computing resources. While the improvements by themselves certainly justify the iPhone 5S, a completely new feature is the fingerprint reader technology that is integrated into the home button which is known as Touch ID.

To most people, the reveal of Touch ID was in itself not a big surprise as Apple acquired the fingerprint technology company, AuthenTec, last year. In addition, tests have already shown that the Touch ID technology works exceptionally well as a way to replace PIN codes and Apple ID authentications for App Store purchases.  However, the picture of the fingerprint technology is a lot larger than only its designed functions and the storing of fingerprints on the iPhone 5S certainly raises a lot of concern and questions regarding the personal privacy and security.

Touch ID fingerprint privacy concerns

top touch id iPhone fingerprint privacy app
The iPhone 5S Touch ID technology has already been praised by many. For example, mac99 states that the Touch ID technology allows users to unlock the phone and replaces a the complicated and cumbersome input of a password. To be quite frank, this simply does not make much sense. Users who find it difficult to input PIN codes (by default 4 digits) will definitely have extreme difficulties in manoeuvering a smartphone. Instead statement from The Verge makes more sense which claims that the Touch ID is a really cool thing. Indeed the Touch ID fingerprint reader is a cool thing, but the ultimate question is, do you really want to trade off your biometric information for a "cool thing"?

The timing to release the Touch ID is not really the best, considering the recent chain of events concerning the NSA and at present it is even known that NSA has been using backdoors and super computers to crack virtually all standard encryption means. In essence, since collecting information and cracking encryption protocols is by definition the purpose of all national security agencies, by storing your fingerprints on the iPhone 5S, you are potentially giving not only the NSA, but governments from all over the world access to your private biometric data, in addition to all conventional digital data. Apple claims that the fingerprints are encrypted and stored only locally on the phone, but provided the history, it is extremely difficult to any convincing reasons to take this for granted. After all, it was not very long ago that it was revealed that Apple secretly logged GPS coordinates and UUID (unique phone identifier) of its users and uploaded it to Apple. To make matter worse, this information even ended up at an independent app developer by mistake. Nothing is really preventing Apple from syncing the fingerprint data up to iCloud either.

Now, even if what Apple claims is true, that the information is encrypted and only store locally, it is worth to remember that various national security government agencies specializes in penetrating smartphones. For example, it is known that the former Egyptian dictator Mubarak, had direct access to Egyptian iPhones through means that was provided by a British company which specializes in cracking and penetrating iPhones. Obviously, if an Egyptian dictator can get access to advanced security exploiting software, nothing will prevent any other government agency and even corporations or malicious individuals from doing exactly the same thing.

Bottom line of the Touch ID fingerprint privacy issues

best iPhone 5S fingerprint touch id privacy
The fingerprint data in itself is not really that big of an issue, the problem resides on the aspect of who is in control of the data. For the case of Apple, the users are seldom given control over their devices, instead they have to solely trust and rely on that Apple will protect their personal data. In the present situation, Apple can, if they have a reason, collect large amounts of biometric data from its users. Of course, there are few reasons why Apple would be interested in collecting tons of fingerprints, but if NSA comes knocking on their door, Apple has already shown historically that they will cooperate and gladly hand over your fingerprints.

Finally, an additional aspect that is worth to consider here is that if Apple would be a Chinese company, then the iPhone 5S or other iPhone models would probably never have passed the security screenings and allowed to be used on government agencies or corporations dealing with sensitive information. Ultimately, the decision is up to the users, but it is worth to take a few moments and consider the cost for always trusting a such a closed and secret company as Apple with some of your most personal fingerprint data. If the Touch ID was not based on fingerprints but your DNA, would you still happily use the feature?

No comments:

Post a Comment