Touch ID API (image 001)

A year ago, PayPal CISO Michael Barrett spelled doom for existing verification methods based on passwords and expressed hope that the then unreleased iPhone 5s would kill the password once and for all. As it turned out, Apple limited the handset’s fingerprint scanner to iTunes purchases and user authentication on the Lock screen.

But with the iOS 8 SDK now official, Apple has opened up Touch ID to developers and PayPal is first out of the gate with the official confirmation that it is working on integrating Touch ID authentication into its mobile apps…

BusinessInsider has learned that the eBay-owned payment giant is planning to use the new Touch ID APIs in iOS 8 to authenticate users and confirm payments by way of a simple fingerprint scan.

An unnamed PayPal source told the publication:

It seems to be a fairly easy API to use, but we’re still kicking the tires.

Thad Peterson, senior analyst at Aite Group, thinks opening up Touch ID to third-parties is a huge development.

“If I can use PayPal with the iPhone using my thumbprint, that creates incremental value for consumers.” Plus, Apple will collect valuable information, Peterson adds. “That’s the advantage of throwing it out to developers, it’s a testing ground to see what works.”

The Touch ID API protects logins and user data by tapping the Secure Enclave on Apple’s A7 processor, which protects data and isolates it from the rest of the system.

Like with the iPhone 5s’s fingerprint sensing, your prints used in third-party apps never leave your device, are never synchronized with the cloud and – most importantly – developers never get to access your fingerprint data stored inside the Secure Enclave, pictured below.

Apple A7 chip (Secure Enclave 001)

Apple assures Touch ID APIs don’t expose users’ prints to third-party apps.

All apps get in return is the confirmation of a successful match. The API then unlocks predefined user passwords and other information previously stored in the system Keychain.

“Your app can now use Touch ID to authenticate a user before accessing some or all content in your app,” notes the company on its portal for developers. “Fingerprint data is protected and never accessed by iOS or other apps.”

Apps using the new Local Authentication framework will first display an alert to the user containing an application-specified reason for why the user is authenticating.

“When your app gets a reply, it can react based on whether the user was able to successfully authenticate,” explains Apple, adding that developers should provide a clear explanation of what action an app will be taking based on Touch ID authentication.

Activator + Touch ID

Much like iTunes purchases and unlocking the device with Touch ID, Touch ID functionality in third-party apps adheres to the same principles Apple outlined last year.

As a reminder, this means that Apple employs a complex mathematical model to derive a fingerprint profile based on the scans. The actual images of your fingerprints are never stored. Furthermore, the fingerprint profile is encrypted and stored into the Secure Enclave portion of the A7 processor, accessible only by the Touch ID sensor itself.

And, it’s never transferred to Apple’s servers or synced with the network of any kind.

The PayPal app is available free in the App Store.

  • Modest

    Yes. Please.

  • Omar Ruiz

    Can’t wait till the official release to enjoy all these features!

  • jack

    “Secure enclave” my ass

    • ✪ aidan harris ✪

      Your ass must be inherently secure for you to be comparing it to the TouchID secure enclave.

    • Maxim∑

      If Apple didn’t put it in the secure enclave they would have been caught a looong time ago by the dev/jailbreak community

      • jack

        Just like Dropoutjeep was discovered by JB community right… Dont be naive

  • coLin

    Everything for our comfort lol

  • Now Samsung will be pissed as this is one of their main features, PayPal integration with fingerprint sensor.

    • hkgsulphate

      ^awful fingerprint sensor

    • Your Mother

      why would they be pissed., the industry is used to apple stealing features to include into iOS.

      you only posted that comment to get up votes.

  • David Gitman

    yes

    • Tobias9413

      Can we get someone to keep this image from being posted on EVERY SINGLE THREAD. Honestly it was funny at first, now its annoying and stupid. We get, you’re ready. Now stop.

      • David Gitman

        Ok ok I will stop

    • SteveZ

      Yall kids! Stop using this stupid picture!

      • David Gitman

        Ok

    • Mozaik

      Who is that guy ???

      • David Gitman

        The phrase was originally uttered by Nintendo executive Reggie Fils-Aime[1] during the company’s demonstration of Wii Fit at the E3
        press conference held on July 11th, 2007. As Japanese game designer
        Shigeru Miyamoto and translator Bill Trinen unveiled the Wii Balance
        Board, Fils-Aime walked up onto the stage and stated “My body…My body is
        ready” before stepping onto the accessory to start the demonstration.

      • Mozaik

        Ohh , thanx for info.

      • David Gitman

        sure man np

  • Sounds so unreal but what if you by accident burn your finger or something

    • Arturo Polanco

      just put the password

    • David Gitman

      maybe you could use your finger and your password

  • regkilla

    This is awesome.

    • FrankensteinBlack

      Certainly is but in the mean time iTouchSecure (jailbreak app by SOL) is as close as it gets…

  • sosarozay300

    better than samshits implementation

    • Your Mother

      how so?

      • sosarozay300

        touch id works, samsung finger printer swiper doesnt

      • Your Mother

        touch id on both devices can be bypassed, both touch id’s have a failure rate.

        just stop your blind worship of apple and hatred for a product you’ve never used.

      • sosarozay300

        assuming i havent used anything other than apple lol.. i started out with a android phone (motorola cliq), ive used the galaxy note 2 and galaxy s4 as primary phones when they were released and i hate them

      • Your Mother

        interesting how you hate them but used them. hmm.

        nobody, absolutely nobody uses a Note and hates it.

  • Hyr3m

    F PP

  • Your Mother

    copycats