One of the most significant announcements at this week's Apple's Worldwide Developer Conference (WWDC) was the news that Apple is exposing a Touch ID API to developers in iOS 8. This move will allow them to tap into the fingerprint scanner in the iPhone 5s (and future Apple hardware) as a means of authentication and accessing the iOS keychain.
Passcode adoption on iOS was less than 50 percent before Touch ID and has since rocketed to 83 percent on the iPhone 5s. Touch ID is popular because it's effective and easy to use.
While a debate can be had over whether Touch ID should be used as a first or second factor of authentication, this post will discuss some of developers that will be first to leverage Apple's biometric security hardware when iOS 8 is released in the fall.
VPN – If you've ever had to access your corporate network while traveling or while working from home you've probably used a physical fob (like the popular RSA SecurID, below) to access your VPN. Many of these vendors also offer mobile apps that can be used in place of a fob. The risk however, is that if your fob or smartphone are lost or stolen, an intelligent thief could use your token to get network access. VPNs around the globe would be more secure if protected by Touch ID.
PayPal – An obvious choice for biometric security is PayPal. The 800-pound financial guerrilla is a pioneer in mobile transactions and has already released an Android app (below) that uses the fingerprint scanner in the Samsung Galaxy S5. It's only a matter of time before the company updates its popular iOS app to include Touch ID support.
Mint – Shown on screen during Craig Federighi's WWDC presentation (below), personal finance hub Mint is actively developing support for Touch ID and will be one of the first developers to release an app with Touch ID support. Owned by Intuit, it would make sense that the financial software giant's Quicken and QuickBooks accounting packages will also leverage Touch ID.
Bitcoin Wallets – On Monday Apple updated the purchasing and currencies section of its App Store Review Guidelines to address virtual and crypto-currencies which could signal a change in posture toward Bitcoin wallet apps. After being removed from the App Store last year, Bitcoin apps that meet Apple's new guidelines would be logical candidates to use Touch ID to protect bitcoin wallets.
eBay – Since eBay Inc.'s PayPal unit is already developing apps that leverage fingerprint technology (see above), it's only a matter of time before eBay adopts the PayPal technology and rolls it out in the eBay iOS app. Security is hot topic in light of eBay's disclosure that millions of customer accounts were compromised by hackers in a security breach in late February and early March of 2014.
Amazon – In the world of ecommerce Amazon.com is a mighty giant. The company is presumed to be exploring biometric technology for its popular Amazon app for iOS. It's reasonable that Amazon customers would want an extra layer of security given how easy Amazon has made purchasing with its one-click technology. Touch ID would also prevent unauthorized users from rummaging through your Amazon purchase history. All major bricks and mortar retailers (including Walmart, CVS and Home Depot) are likely to be exploring enhanced payment security option in light of the massive security breach at Target in late 2013.
Google – Millions of people use Gmail, and a litany of other Google apps daily. It's pretty easy to see why a company like Google would want to protect their customer data from prying eyes. Google Authenticator for iOS already provides a second factor of authentication, but I could see it protected by Touch ID for even greater security.
Messaging – With the advent of purpose built, secure messaging apps (including WhatsApp, Wickr, Telegram, Line, Blink) Touch ID could validate both sender and recipient.
Banking – This one requires little or no explanation. Banking data should be protected in every way possible and require a second factor of authentication. I can't think of a better form of 2FA than Touch ID because its is convenient (which will increase adoption) and it will let users ditch those pesky, proprietary fobs hanging from your keychain.
Government – Whether it's federal, state, county or municipal, you probably deal with the government more that you think. Everything from renewing your driver's license, to paying your property taxes, to filing your federal tax return requires deal with some form of government. It would increase adoption and allay a lot of user anxiety if such data was protected with biometric security like that of Touch ID.
Voting – While many people believe thatit would be much more secure if it required a unique fingerprint to cast a ballot. The only problem with the current implementation of TouchID is that actual fingerprint data is stored in a "secure enclave" in the iPhone 5s' A7 processor and is not shared with third parties. This means that governments would have to trust Apple to authenticate the user and to unlock a keychain item that identifies them to the voting system. Clearly, this one require some work.
Medical – Mayo Clinic has announced its support of Apple's new Health app and the HealthKit stack, so it would make sense that any company dealing with patient medical records would want to take advantage of the security provided by the TouchID fingerprint scanner.
Health – Apple's newest iOS app, Health, is another obvious candidate for use of Apple's Touch ID sensor. Any smart person committed to entering their private health records into their iPhone would likely want that access available only to them. U.S. HIPAA regulations protect the privacy of individually identifiable health information and Touch ID could help keep that information secure.
Insurance – Like medical providers (see above) all insurance providers (including Berkshire, Allianz, AIG, AIA and AXA) would be natural candidates to implement Touch ID to secure their customer data.
Legal – Lawyers deal with all kinds of confidential data like wills, powers of attorney, divorce, and bankruptcy and routinely share it with their clients. In fact, all communication between between a Lawyer and their client is protected by attorney-client priviledge. Touch ID would be a great way for legal professionals to know whom they are communicating with.
If you want your favorite app to embrace Touch ID support in time for the launch of iOS 8, I highly recommend that you contact the developer and tell them that you'd feel more secure using their service if it was protected by biometric security like Touch ID.