Apple Takes a Step Backwards With Touch ID on New iPads

1 minute read
| Editorial

Apple has told us that Face ID is more secure than Touch iD. It’s the future. So Apple’s decision to use Touch ID on the new iPad mini and Air contradicts Apple’s stated privacy goal.

iPad mini 5 and iPad Air (2019)
iPad mini 5, iPad Air (2019)

Apple often reminds us of two things.

  1. Apple only makes the best products.
  2. Apple products are designed to protect your privacy.

Given the above, one might expect Apple to charge a little more for those new iPads, include Face ID, and provide the best possible security. Instead, it sure looks like Apple has sacrificed security for cost savings.

Face ID vs. Touch ID

When the iPhone X shipped in November, 2017, there was a lot of discussion about the relative security of Touch ID vs. Face ID. I haven’t seen any detailed technical reports comparing the two. But we do have some data from Apple itself. That was used in this article explaining the relative security of the two methods. “Apple Security: Touch ID vs. Face ID.”

If you don’t have an identical twin, the risk of a random face unlocking your phone is 1 in 1,000,000 according to Apple….

Apple said that the chances of a random finger unlocking your phone is 1 in 50,000. Going off of that number alone, Face ID is 20x more secure than Touch ID.

Those numbers come from Apple’s Face ID Security document, page 2.

Appearance is Everything

If we believe that Face ID is more secure, it’s the next step in better device authentication, and that weaknesses have probably been discovered in Touch ID, (out since the iPhone 5s in 2013), then we have to assume that Apple is providing inferior technology in these two new iPads to lure the customer with a lower price. Is that trade-off a conscious decision we should be forced into?


Regarding the aging of technology, I believe this. Security technology is only excellent in the era in which it reigns. After that, it starts to decline in effectiveness. This is why we don’t use 56-bit DES encryption anymore.

On the other hand, if Apple feels that Touch ID is, in fact, actually just as secure as Face ID, the company should say so in order to justify its product design decision. I’m eager to hear Apple say more about this.

4
Leave a Reply

Please Login to comment
4 Comment threads
0 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
4 Comment authors
Paul Goodwinwab95Lee DronickDoug Petrosky Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Paul Goodwin
Member
Paul Goodwin

1 in 50,000 random fault rate is pretty low. At 10 fingers per thief, it would take 5000 thieves. The problem with random things is that you don’t really know if the fault will occur on the first attempt or on the 50,000th, or the first out of a million for Face ID. I’m not sure that the Touch or Face ID faults would really be random either. Is there really a security problem with Touch ID? No. And saying that we don’t use 56 bit encryption for data transmissions anymore isn’t a supporting arguement for this form of security.… Read more »

wab95
Member
wab95

Hello John: @Doug Petrosky makes some salient points regarding the balance between relative cost and security, with an emphasis on the word ‘relative’. In most everyday situations, apart from professional or state-sponsored attacks, the relative gains in security between touch vs Face ID likely remain imperceptible and non-essential; all bets being off with state – sponsored exploits. My first thought, when I saw the return to Touch ID with the iPad Air and Mini was convenience. While I love my iPad Pro latest gen with Face ID, I am often at the wrong angle or too far away to activate… Read more »

Lee Dronick
Member
Lee Dronick

Is it a step backwards or pause? There may be technical problem to overcome though as Doug says it might be the cost.

Doug Petrosky
Member
Doug Petrosky

I’ve listened to you for long enough to know you are not this stupid! This is not a matter of insecure or secure. This is not Samsung’s face recognition that can be circumvented with a photograph, this is Secure or even more Secure. That is not to say that there are not even more secure systems beyond FaceID but that fact doesn’t make FaceID insecure. With no way of knowing if you are going to be that 1 in 50,000 match and with only a couple chances before you get locked out, touchID is plenty secure for even financial transactions.… Read more »