14 DAY TRIAL // In a surprising move, Apple appears to be backtracking on its decision to keep Touch ID data locked down in an enclave, and wishes to share that data with other devices and its servers, for added convenience.
The convenience factor is unquestionable – use your finger to set up a device with all your data, preferences and settings in one touch – but the dangers involving one’s privacy may be just as real. Let’s look at the wording together.
To-be matched biometric data
The abstract of the invention, which has been published but not yet granted to Apple, describes fingerprint sharing and recognition between devices, and even the cloud.
“The system may further include a cloud computing device capable of uploading and storing the enrollment finger biometric data, and a second electronic device. The second electronic device may include a second processor capable of collecting to-be matched finger biometric data from the second finger biometric sensor, and downloading the enrollment finger biometric data from the cloud computing device based upon matching between the enrollment and to-be matched biometric data.”
The patent not only describes a way to instantly clone a device with a single touch, but also to make purchases using only your finger, without requiring you to actually pull out the phone. Apple Pay sensors, for example, would be instructed to recognize the mathematical formula that makes up your print and authorize your purchase in a store, a cafe, a restaurant, etc.
Security concerns
The implications are as far reaching as they are worrisome. When Apple introduced Touch ID in 2013, the company specifically said that people’s prints were “never stored on Apple servers, and it's never backed up to iCloud or anywhere else.” The newly revealed patent application goes against these claims.
Security expert Bruce Schneier tells the Huffington Post that the risks are high when it comes to stealing a user’s fingerprint data. It’s actually not hard to reach this conclusion, considering that Touch ID serves, among other things, as a method to authorize purchases with your credit card.