iPhone 5s: Can biometrics unlock Apple's enterprise appeal?

The new iPhone 5s is tipped to popularise the use of biometrics within the smartphone market, but the jury's still out on whether its fingerprint scanning technology will be enough to win over enterprise users.

After much hype and speculation, the Apple iPhone 5s was finally unleashed on the world yesterday, alongside a new budget device called the iPhone 5c.

A full breakdown of the features and technical specifications of both devices and how they differ can be found here, but one of the standout features of the iPhone 5s was the Touch ID fingerprint scanner.

If the iPhone 5s Touch ID feature actually works and is not too gimmicky, like for example Siri, this could be a very interesting feature for the enterprise.

iPhone 5s users that enable the setting simply have to press on the device's home screen button, which now features a fingerprint detector around its perimeter, for it to unlock.

The system can also be used to authorise App Store and iTunes purchases, but for the time being at least can't be used to gain access to people's iCloud stores or Apple KeyChain Passwords.

During last night's launch event at Apple's Cupertino HQ, the consumer electronics giant assured users their fingerprint data would be encrypted and stored on the iPhone 5s A7 processor, and would not be backed up to its servers or iCloud.

Privacy protection

Apple's public declaration that Touch ID fingerprints will be encrypted has prompted several IT security experts to suggest to IT Pro the company is aware that users might take against the technology on privacy grounds.

Especially as people have much greater awareness of privacy issues these days, in the wake of the recent revelations about the NSA and GCHQ surveillance programmes.

Speaking to IT Pro, Alexander Hanff, an independent privacy expert, said even with Apple's assurances users should still tread carefully before handing over their fingerprints.

"They are a US company...so one should assume, if issued with an order under FISA or the Patriot [act] to provide access to the stored fingerprints, they will comply," he said.

"There is no way we can be certain that this fingerprint data will remain secure and, of course, any order to prevent access to it...would likely come with a gagging order to prevent Apple going public with the information," he added.

IT Pro contacted Apple for clarification on the point above, but had received no response at the time of publication.

Biometric boost

Biometric technology has been included on laptops for some time now, but few attempts have been made to incorporate it into smartphones.

Granted, Motorola had a go in 2011 with its Atrix smartphone, but could Apple's decision to include the functionality boost the adoption of iPhones within the enterprise?

Bob Tarzey, service director at analyst firm Quocirca, is not convinced, but said biometrics would help tighten up the overall security of the devices.

This is a point Apple made last night, with its claim that less than half of smartphone users bother to activate passcode protection on their smartphones.

"[That being said] fingerprint scanners are not infallible, but it would take a lot of effort for a would-be hacker to spoof a given user's fingerprint," he told IT Pro.

"Any access protection is better than none, providing it is convenient for the user, and at least we always have our fingers with us."

Anecdotally, iPhones are often flagged as a major carrier of the Bring Your Own Device (BYOD) trend into enterprise environments, but many CIOs are still wary of encouraging their use because of security concerns.

Alexandre Mesguich, vice president of enterprise research at market watcher Context, said this has the potential to change with the arrival of the iPhone 5s.

However, enterprise acceptance will hinge on whether users favour the convenience of biometrics over having to input a pin code every time they want to use their phone.

"If the iPhone 5s Touch ID feature actually works and is not too gimmicky, like for example Siri, this could be a very interesting feature for the enterprise because the constant need to put in a pin to operate a phone can be very irritating," he told IT Pro.

That may well be the case, but as Tarzey hinted above anyone who thinks a fingerprint-based approach to security will render smartphones impenetrable to hackers could be in for a nasty shock.

Graham Cluley, an independent IT security expert, told IT Pro: "As soon as the new iPhone 5s falls into the hands of hackers (both whitehat and blackhat), they will begin to look for ways to subvert the technology.

"Of course, finding a weakness in the system is very different from finding a practical exploit that could be used by criminals in real-life, but any chinks in the armour will be sure to gain the hacker who manages it notoriety," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.