While fingerprint scanners were a bit of a niche item on phones in the past, their time seems to have come in full force. Once Apple started including a fingerprint scanner on their iPhone 5S it seems like others figured the time had come and followed suit. Apple said all of the right things when it came to privacy and security upon releasing their fingerprint scanner, though recently we’ve learned that Apple has obtained a patent for “Finger Biometric Sensor Data Synchronization VIA A Cloud Computing Device And Related Methods.”
All of that is a fancy way of saying that Apple would like to be able to upload your fingerprint data to the cloud, and let you download it to another device. In theory, this might be a helpful way to set up a new phone, or perhaps allow for multiple profiles on a single iPhone, authenticated by fingerprint. In reality, however, this just screams loudly as a horrible idea. While filed patents, and even approved patents don’t mean that this sort of implementation is coming, it does conflict with Apple’s current policies regarding fingerprint data:
The Secure Enclave is walled off from the rest of the chip and the rest of iOS. Therefore, iOS and other apps never access your fingerprint data, it’s never stored on Apple servers, and it’s never backed up to iCloud or anywhere else.
So, what benefit is there for storing your biometric data in the cloud? Theoretically you could download that data to a new phone if your existing phone were lost or stolen. In reality though, you could simply register your fingerprint again on your new device and keep it locked there as Apple initially intended. It could also be used for a multi-user system on your device, however it would again, still be quite easy to simply register your fingerprint on the second device if necessary.
While Apple currently doesn’t — and by all accounts wouldn’t — store your actual fingerprint anywhere, and while the data could — and almost certainly would — be encrypted prior to transfer to or from any cloud service, their “mathematical representation” of your biometric data could conceivably be stolen, hacked, or cracked leaving users out in the cold. We’ve all seen how services such as iCloud can be breached.
What do you think? Would you like to be able to download this sort of information from one iPhone to another? I’d be very interested to hear what might make people think this is a good idea.Source: Slashgear