Analysis: A look at the tech behind the rival fingerprint scanners
There were more than a few raised eyebrows when Apple introduced its fingerprint scanner, called Touch ID, in the iPhone 5S. Not only did it raise a number of privacy concerns, there was also the worry that it wouldn’t be very good. We’ve had bad experiences with fingerprint scanners on laptops, swiping umpteen times and then just reverting to password protection. Thankfully, Touch ID works brilliantly.
It’s unsurprising, then, that Samsung followed suit with the inclusion of a fingerprint scanner in the Galaxy S5 – the latest and greatest Samsung flagship. They don't work in quite the same way, however, so we decided to take a closer look at how the two systems work and what they can do.
How do they differ?
The primary function of the fingerprint scanning tech on both phones is easy and secure access. You set up a number of fingers (five in the case of the iPhone 5S, three for the Galaxy S5) by either tapping or swiping over the fingerprint scanner until your fingerprints have been captured and stored.
You’re then set up to unlock your phone with a finger or thumb. Functionally, it’s really simple.
Both devices bring other benefits to the mix. You can use Touch ID to easily purchase from the App Store, iTunes and iBooks rather than having to input your convoluted Apple ID password. It makes buying apps or making in-app purchases really easy, dangerously so. I’ve found myself purchasing apps I potentially wouldn’t have been bothered with if I had to input a password.
There's also the fringe benefit of being able to use a 'complex' passcode without the tedium of inputting a long password every time you want to unlock your phone. But that’s about all it currently allows you to do; Apple does not let its app SDK anywhere near Touch ID at the moment, meaning app developers cannot hook into it and use it. That may be all set to change with the announcement of iOS 8 at WWDC 2014, but we don't know that for certain yet.
Samsung has been less cautious in its approach: it already gives app developers access through the Pass API, and has launched the Galaxy S5 with a fingerprint-enabled PayPal app. This means you can pay for things using your PayPal account with a simple finger swipe. PayPal is just the start. With the Pass API, developers will be able to use the fingerprint scanner for payment and for access to secure apps such as health and banking.
Currently the Pass package can be used by developers to:
- Request fingerprint recognition
  Allows devs to use default or custom UIs, with the option to add password as well as fingerprint identification.
- Cancel fingerprint recognition requests
  Powers down the sensor after 20 seconds if it’s not used, to conserve battery life.
- Verify whether the fingerprint of the current user matches the fingerprint registered on the device
  If the fingerprint is recognised, this skips the register-a-finger process.
- Register fingerprints through the Enroll screen
  Lets devs jump to the fingerprint enrol screen if they’ve not yet registered any fingerprint.
How do the fingerprint scanners work?
Apple and Samsung have taken very different tacks in terms of the technology used to power the fingerprint recognition.
Surprisingly, Apple has been very forthcoming with the technology used for Touch ID. The iPhone uses a steel ring that surrounds the home button to tell the scanner to get ready. A square touch sensor then reads a fingerprint by touch alone, which negates the need for a swipe gesture and, as mentioned, makes it far more convenient than swipe scanners.
The Touch ID fingerprint scanner dissected
The capacitive touch scanner has a resolution of 500 pixels per inch (PPI) as well as 360-degree readability that ignores the position of the finger on the sensor.
The iPhone then scrambles the extremely detailed image into a mathematical representation and will keep adding detail so it gets more accurate the more it’s used. The image of your fingerprint is never stored and the mathematical representation cannot be reverse-engineered to show an image, which means your fingerprint won’t suddenly appear on a dodgy Russian torrent site.
Apple has taken the security of the fingerprint very seriously indeed and, in addition to these safeguards, it only allows the mathematical representations to be stored on the device and never transmitted. The data also resides in a secure section of the A7 SoC (system on chip), which is not accessed by iOS at all, just by Touch ID.
So far Samsung has been far less transparent about the workings and security of its fingerprint technology. But the patent experts at Chipworks have taken apart the fingerprint scanner of the S5, and the teardown shows off the tech in some detail.
It is split into two parts. One section is positioned under the screen about an inch above the home button, while the main sensor is under the home button.
It appears that the top sensor registers that a fingerprint needs to be scanned and activates the scanner. The inclusion of a Synaptics fingerprint scanner suggests that Samsung may be using Synaptics Natural ID technology, which is online transaction ready.
This is all a little circumstantial, and we still do not have a clear idea of how the fingerprints are converted or stored. Samsung has revealed, though, that, like Touch ID on the iPhone, fingerprints are stored in a secure location on the device and not in standard flash storage – i.e. it doesn't share access with third-party apps.
The support of PayPal also provides some reassurance. PayPal has been in the e-commerce space for 15 years without major incident and is a member of the FIDO Alliance, together with Google, Mastercard, Microsoft and Synaptics.
FIDO aims to change the nature of online authentication and reduce the reliance on passwords to authenticate users. Synaptics’ Natural ID conforms to FIDO standards, so the PayPal partnership makes sense.
How well does each of them work?
More than a few reviewers waxed lyrical about Apple’s implementation of Touch ID on the iPhone 5S, and with good reason. It takes about 20 seconds and a dozen or so presses to register a finger and then you can simply unlock your phone by resting your finger or thumb on the sensor. If the screen is off and you press the home button the iPhone 5S turns on its screen and provides you access within a second. It's also unfussy – it can recognise your finger regardless of the position it’s in, even if it’s upside down. This makes it really easy to use with one hand.
Samsung’s scanner is more reminiscent of the type you’ll find on an old laptop, though that’s not to say it’s as bad. You need to register your fingers by swiping them from the bottom of the screen down and over the wide home button. Eight successful swipes store your fingerprint.
We’ve had differing experiences using it at TrustedReviews. I found it responsive and easy to register my thumb and fingerprints as long as I was careful and kept my finger straight. Other colleagues found that it took more than twenty swipes to register a finger and often took multiple attempts to recognise it and provide access. Your finger needs to be so straight and you need to move it, which means that you’d struggle to unlock the Galaxy S5 one-handed.
On current evidence the iPhone’s implementation appears slicker in use. The fact that it recognises your fingers regardless of position and doesn’t require a swipe movement is a major bonus in terms of simplifying its usage. It’s just a lot more intuitive.
Should you be concerned about privacy and security?
There’s one very big difference between biometric authentication, like fingerprint scanning or iris recognition, and more traditional password-based security. Unlike passwords, if your fingerprints are compromised in any way, you cannot change them.
Using fingerprints as a form of authentication is still in its infancy, which makes it very difficult to tell how dangerous using them will be if or when it becomes mainstream and therefore a bigger target. Currently, it’s not a very valuable target for criminals looking to steal identities but that could change very quickly if we begin to use them as our main authentication for accessing our bank accounts, for example.
The truth of the matter is that on mobile devices like the iPhone 5S and Samsung Galaxy S5, fingerprint scanners will likely improve overall security for most users. There are plenty of people who don’t bother even adding a passcode to their phones because it’s a pain to keep inputting it. Fingerprint scanning is the best solution to this I have experienced so far. And while fingerprints can be lifted, a mould made and latex imitations created that can convince fingerprint scanners they are the real deal, this is a highly labour-intensive task and it’s highly unlikely "normal" users will ever be victims of such a crime.
Which is better?
We don’t yet know enough about how the Galaxy S5 fingerprint scanner works to compare the security of the two. From a functional perspective, though, the Galaxy S5 does more. Not only can you secure your phone, but you can use it to purchase and pay using PayPal. Unfortunately, it’s nowhere near as slick as Touch ID, so the iPhone currently wins the shootout in terms of pure ease of access and usability.