Why would Apple add a fingerprint sensor to the iPhone?

As rumors suggest that Apple may announce a new iPhone as soon as next month, the speculation game, never at less than a low simmer, has heated up to a rolling boil.

Much of the theorizing has revolved around the possibility that Apple will add a fingerprint scanner to the iPhone, either incorporating it directly in the Home button, or, as indicated in a patent granted to the company in 2012, situating it in a dedicated area of the handset’s front screen. Such technology is far from science fiction—and it could actually provide real, tangible benefits to iOS device owners.

All thumbs

Though it might sound like the kind of technology you’d find in a Mission: Impossible movie, fingerprint scanners are already in widespread use in various industries. If you’ve recently had the pleasure of taking an international flight, for example, officials in your  destination country may have used one to record your biometric information before issuing you a visa.

The rumors that Apple will include such technology didn’t materialize out of thin air, either: In 2012, Apple in 2012 acquired AuthenTec, a Florida-based company that specializes in exactly the kind of hardware that the new iPhone would need if it were to support fingerprint scanning. In addition, some code spelunkers say that they’ve found evidence of software related to fingerprint scanning in iOS 7 developer betas.

One factor, two factor, red factor, blue factor

So what might a fingerprint scanner be used for? The obvious answer is user authentication.

Establishing a user’s identity is a surprisingly tricky business. Even under the best circumstances, passwords—which have long been the primary means of handling authentication—can ensure only that the person logging in knows the right password. And despite years of effort to instill good password hygiene in the average user, countless users still employ password as their password.

Passwords aren’t supposed to be used in this fashion anyway. In security parlance, a password counts as one “factor,” establishing something that the user knows. To be effective, the password must be combined with additional factors—generally something that the user owns and/or something that the user is.

A mobile phone constitutes the ideal “ownership” factor, leading to a proliferation of two-factor authentication mechanisms, such as the ones used by Google, Twitter, and even Apple’s own iCloud: Since an official authority exists that associates an individual phone number with each device, entering a code that has been sent by SMS to a previously registered handset confirms that the person trying to log in is in possession of a recognizable and unique object.

My finger is my identity

But even this kind of two-factor authentication has a major flaw: There’s still no guarantee that the person in possession of the phone is the rightful user. iPhones get stolen all the time, and an iPhone not protected by a passcode is a treasure trove to the thief—especially if it contains passwords for other services.

Enter biometric signatures, such as fingerprints. Rather than being something the user owns, these factors establish something the user is. A website or app that requires a user to provide all three types of factors in order to log in successfully provides strong protection against fraudulent attempts at user impersonation: Even if thieves managed to steal a handset that is completely unprotected and readily surrenders the user’s passwords, they would still presumably be unable to complete the necessary authetication in the absence of the victim’s fingerprints.

Biometric authentication could be used to “pair” a device with its owner in such a way that the device could be unlocked only when the right finger touched the scanner’s sensor. This requirement could put a dent in the market for stolen iPhones, which has helped make handset theft a major crime of opportunity in many metropolitan areas.

Safety and privacy

Benefits aside, adding biometric capabilities to the iPhone would raise a number of privacy concerns—chief among them how Apple would keep a database of user fingerprints safe from prying eyes.

Luckily, most current biometric scanners reduce the individual features of a fingerprint to a digital signature calculated by using a one-way algorithm. As a result they don’t store or transmit the prints in photographic form, and a person in possession f the digital signature can’t reverse-engineer the characteristics of a particular finger from that signature.

Thus, Apple could easily establish a database of fingerprints without storing the fingerprints themselves; and by encrypting them in a unique way before passing them along to app developers (with the user’s consent, of course), the company could further protect the privacy of its users by ensuring that a fingerprint signature obtained by a particular developer or website couldn’t be stolen and reused with a different service.

Of more practical concern is whether thieves will find ways to extract serviceable fingerprints from their victims. After all, the hosts of the popular reality show MythBusters were famously able to defeat a biometric lock using nothing more than a photocopy of the victim’s fingerprint lifted from a CD. Other hacks have involved using a piece of gummy candy to duplicate a fingerprint.

And since the presence of the entire user isn’t necessary to scan a print, some people worry that criminals might separate users of the new iPhone from their appendages in order to defeat the fingerprint authentication requirement.

Still, it’s unlikely that a wave of machete-wielding muggers is about to hit our cities, especially since most cell phone thefts occur in public settings, where violence would attract unwanted attention and raise the possibility of much more severe legal penalties. Besides, Apple’s sensor might work only when touched by a real finger—for example, by checking for normal blood flow.

Ultimately, the addition of a biometric sensor to the iPhone could be a huge benefit for users and app developers alike. Given an appropriate set of privacy protection measures, it could greatly strengthen the security of everything from tweeting to banking—and make our phones less attractive targets for theft.