Apple patent application reveals iPhone security feature that records fingerprints of thieves

“Being the leading portable devices company in the world, Apple is constantly advancing new security features so that consumers and business executives could be assured that their sensitive data is locked down,” Jack Purcher reports for Patently Apple.

“Apple’s iOS based devices currently come with a certain degree of security with features like ‘Find My iPhone,’ high end encryption and remote wipe,” Purcher reports. “Apple is also working on advanced biometrics such as using heart sensors to detect an unauthorized user.”

“Way back in 2010 Patently Apple covered a patent application showing that other new security features were on the way including taking a photo of the thief recording the thief’s voice if they make a call,” Purcher reports. “Since then Apple has added Touch ID to the iPhone and so they’ve now updated their security intellectual property to include this feature to assist authorities in catching an iPhone thief.

Read more in the full article here.

MacDailyNews Take: We can’t wait until the first conviction based on evidence gathered by a stolen iPhone’s Touch ID!

12 Comments

  1. So if I hand my iPhone to my family member for whatever reason, Apple will record that as an unauthorized use?….
    Or let someone try on my watch to show them how it works.. And even though I unlock it and am standing right there, it’s unauthorized?

    Apple always said they were not storing biometric data, now they are getting patents to do just that.

    Nice opt-in only option…

    1. I think you shouldn’t jump to any conclusions. This is just a patent filing. As such, it is meant to prevent anyone else from using a similar concept or idea.

      Actual implementation, if it even happens, will be done the right way.

    2. Smart patent. A thief will need to touch the home button. Once the phone is reported as stolen, this is one more tool to find and prosecute the thief.

      The thieves won’t even want to touch iPhones. They will be left with meager remains, android phones.

      Or use gloves?

  2. Technology has long ago been available that could enable better tracking and recovery of stolen smartphones. Find My Phone has been successfully used many times for this.

    The main problem is that none of the existing features that have been used for finding stolen phones have actually been designed explicitly for this purpose. The issue isn’t quite that simple. On the one hand, we have the privacy concerns, if the phone is to take fingerprints, still photos, video and audio recording of the person handling it (without that person’s consent), which may cross some legal lines in most American jurisdictions. On the other side, you have the issue of admissibility of any such evidence in court, and then potential liability.

    When such features are built (for the explicit purpose of tracking and recovery of stolen devices), Apple will need to work with law enforcement and justice system, not just in the US, but also in a few other large markets. They would need to ensure two things:

    1. The system provides reliable and legally admissible an actionable evidence; and,
    2. That the system doesn’t violate any existing laws (privacy infringement, or similar).

    Apple users have often been victims of theft (In my case, at various times, a MacBook Pro, a white unibody MacBook, and an iPad 2), and it is frustrating to watch your devices pop up in various parts of the city on Find My Phone / Mac / iPad, and yet be powerless to do anything about it because local law enforcement simply can’t use that evidence as “probable cause” to enter someone’s private property.

    1. This is my point. It’s not apples job, and what apple does *may* cause more harm. Legally.

      Now I read at the top this may be for business iPhones… That’s a lot better. Those are phones belonging to a company, they can (the companies) collect data like that. The private citizen.. Apple can’t do that. Privacy laws would be in the way, and I’m just talking in the US.

      1. It really doesn’t matter whether it is a corporate or private device, and this isn’t about violating privacy of that private owner. Apple already has our private date: our pictures, contacts, credit cards, a lot of it. They have it because we agreed to let them have it. This could work in the same way, with Apple allowing you to agree to have your biometric data.

        The point is, Apple wouldn’t need to ask you to consent to store that data. The intruder detection feature could be engineered to never really have to share your private biometric information (fingerprint). As it works now, your fingerprint is authenticated from that ‘secure enclave’ on the phone. The new intruder detection feature could work in such a way that if that authentication fails, the TouchID sensor would then transmit the data it read (and which didn’t match the stored info in the ‘secure enclave’) to Apple, or the law enforcement, or wherever. Your own fingerprint info is still safe and private, but intruder info is shared with the police.

        And therein lies the privacy breach. By sending intruder’s biometric data (fingerprint, photo of his face, video, audio) that was surreptitiously recorded without intruder’s consent, you are violating intruder’s legal rights and evidence gained from that data is automatically inadmissible in court.

        A legal work-around here will have to be figure out how to inform intruder that he may be recorded beforehand. Much like those mandatory placards or warnings “This are is monitored by CCTV”, or “This conversation may be monitored or recorded for training purposes”. Perhaps when the incorrect authentication triggers the “stolen mode”, the screen could display all the privacy warnings, along the lines of: “This phone is now considered stolen. It may automatically record audio and video and transmit it to local police. Please return this phone immediately to its owner or the police.”

        There must certainly be ways to make this legal and admissible in court. Apple just needs to do the necessary research. After all, they do have an army of lawyers in their Legal Dept…

        1. TouchID *fails* if your fingers are cold, or the least amount of perspiration on the finger.
          My mothers iPhone will not read her finger, ever. I have my thumb in her iPhone and proved to Apple (genius bar) it’s not the iPhone. Her hands are always cold due to arthritis, poor circulation from old age etc (don’t let her read that…) Touch ID is not perfect, it doesn’t work as intended for everyone or in every situation.

          Hell I get out of the shower in the morning and most times have to type my passcode cause my iPhone doesn’t read my fingers.

          Auto sending of the data like you said would be really bad.

          Opt-in, and only sent IF you report iPhone stolen etc.

          1. I don’t think anyone in their sane mind would suggest the iPhone automatically triggering this ‘stolen mode’ on a simple TouchID failure. That would be a net cast way too wide.

            For me, TouchID works incredibly well. It takes fraction of a second to authenticate when the phone is awake on lockscreen. As soon as I barely even touch the sensor, the device unlocks. Of course, after washing hands (or sweating heavily), or out in the freezing cold, this becomes a problem, and the limitations of such a sensor become clear.

            While it may be nice for the ‘stolen mode’ to be automatically triggered by some specific sequence of events, I think it would be difficult to come up with the most optimal, foolproof set of events that would eliminate (or reasonably minimise) the percentage of false positives, while reliably activating when the device is really stolen. Right now, you can manually turn on ‘Activation Lock’, but only remotely, through Find My iPhone. This of course is a given — there is no doubt that the feature would allow for this kind of manual activation. The more important question is whether it would be possible to come up with a way for it to reliably turn on this Activation Lock automatically, when the phone appears to be stolen. And only then, once the phone is determined to be stolen, would the device transmit data (audio, video, images, fingerprint(s). And perhaps, to placate the most paranoid, even this feature would be under owner’s control.

          2. You are stretching for this. The Stolen iPhone mode could be set up to only be activated when the owner chooses to activate the lost or stolen mode through “Find My iPhone” and essentially claim it is no longer in his possession. It is highly unlikely that it would be a default setting that would activate after a few tries by the owner’s own finger failing to operate the TouchID function.

  3. If Apple can record a fingerprint of an unauthorized user and release it to law enforcement, law enforcement will rightly say “why can’t you then bypass touch id and unlock phones for us”.

    Either our stuff is private of it is not. I would rather give up a stolen phone for lost than give up my privacy.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.