Since Apple confirmed the poorly-kept secret that the latest iPhone would have a fingerprint reader, I’ve seen a lot of people state things about the technology that just aren’t so. These ideas are no doubt fueled by the fantasy presented in shows like CSI and movies like Mission Impossible, Hollywood fantasy technology that’s a lot more reliable and seamless than it actually is. As someone who spent 5.5 years supporting fingerprint devices, I thought it would be worthwhile to clear the air on some of the most egregious ones.
To start off, not all scanners are the same. They’re divided into two classes: optical and capacitive. An optical scanner uses a camera to read your fingerprint. Doing an image comparison with one of these is usually too lengthy of a process to do in any reasonable amount of time. While a second or two may not sound like much, we’re used to unlocking phones almost instantly. They’re also notorious for being unreliable and have trouble reading the whorls in your fingerprint. I’d put money on Apple not being dumb enough to use one of these.
The capacitive scanner uses a conductive surface (not unlike almost all modern touchscreens) to read the ridges of your fingerprint as they make contact with the scanner surface. They’re relatively fast and accurate, but not without their troubles. About 2% of the population has unreadable fingerprints. That may not sound like much, but it works out to something like 6M+ people in the US. A few more percentage points will have problems getting their fingerprint read if their hands are dry, like during the winter or summer months. Pressure is another common problem. Too much and it gets all smooshed together. Too little and you don’t read enough of the swirls. Let’s go out on a limb and assume you’ve got a capacitive scanner and fingers that play well with it.
Then there’s the assumption that the fingerprints can somehow be stolen from the device. While there may be scanners that can read and store the entire fingerprint, they’re typically not used for performance (and cost) reasons. The most common way of reading and storing fingerprints is to track the distance between whorls. This is compact and makes for very quick comparisons. It’s also reasonably accurate, though you will sometimes end up with false negatives. This means that a “scan” of your fingerprint is nothing more than a really crappy vector polygon. It should go without saying at this point that extracting a fingerprint from this data would be nigh on impossible.
There’s a few stark realities to face. The fingerprint reader is a side feature, not a main one. At the price point Apple is targeting, they’re going to go with a “good enough” capacitive scanner that will kinda sorta work for the handful of people that actually decide to give it a whirl. There’s almost zero value in stealing the data from the scanner because, for performance and cost reasons, it’s unlikely to take the level of detail needed to do anything nefarious with it. Whatever your expectations are, you’ve probably set them incorrectly.