Everything you need to know about Touch ID, the iPhone fingerprint sensor - including: will the iPhone 5S store my fingerprint and how safe is that?
The major new feature being touted by Apple to sell the new iPhone 5S is Touch ID. You will see this described as a fingerprint scanner, aimed at improving the security of your smartphone. But that isn't the whole story, and that description throws up some uncomfortable questions. Here we tell you everything you need to know about Touch ID, including whether it (or Apple) will store images of your fingerprint. (See also: iPhone 5S vs iPhone 5C comparison review: what's the difference between iPhone 5S and iPhone 5C?)
How Touch ID iPhone fingerprint sensor works
First, how it doesn't work. Your iPhone is not comparing a stored image of your fingerprint against a digit you push up to it. This would be a security risk if such an image fell into the wrong hands. And it would be possible to fool an optical fingerprint scanner with a high-resolution image of your finger (or for the more melodramtically minded: with your finger itself, not attached to your body).
Instead Touch ID is using a capacitance reader. This takes a read of both the dermis and the sub-dermal layer of your skin. It then creates an image based on the minuscule differences in conductivity caused by the raised parts of your fingerprint. See also: iPhone 5S vs Galaxy Note 3 smartphone comparison review - how does Apple's latest iPhone compare to the Galaxy Note 3?
Will the new iPhone store my fingerprint?
Apple says no, and technically it is correct. Of course your iPhone will have to store something against which to compare your fingerprint. But as explained above it won't be an image of your fingerprint - the blob of lines and squiggles that we would commonly describe by the term 'fingerprint'.
However, to work as advertised Touch ID has to store something. It will record a scrambled copy of the conductivity image described above. In principle, at least, this will be unique to you but meaningless to any device except your own iPhone 5S. Apple will run the image you present through a cryptographic hashing algorithm, as it will scramble your unique image before storing. The results of both will be compared.
So a information relating to a unique image related to your fingerprint is being stored, and stored as securely as is your Apple ID passcode. But an image of your fingerprint is not. (See also: iPhone 5S release date in UK, specs and features: What’s new in the iPhone 5S?)
Does this make the iPhone 5S totally secure?
Not totally, no. It makes it more secure than if it is protected only by a simple passcode. But all that is required to break in is the presence of your finger connected to your body, beating heart and all.
This kind of fingerprint is unique only to you, which makes it more secure. It can't be guessed or spoofed. But you can be physically forced to open your iPhone. More critically, it means that Apple will at least tangentally own a record of your unique identifier. Apple says it will never allow apps to access your fingerprint data, but the connection of your unique identifier with Apple's e-commerce platform means that you are voluntarily giving up information to a commercial entity. For the record: I will do so, as will most people. But we should at leat be aware of what we are giving up, privacy wise. See: What's the best phone you can buy in 2013?