Interested in buying a smartphone with a fingerprint sensor?

Fingerprint sensors are broken by design. There’s no way of denying it. You leave your prints on pretty much every smooth surface you touch (e.g. the back of your phone) and you cannot change them after they get lifted. Compare that to password protection: everyone knows that you should never write your passwords down and that you should change them immediately once someone else figures them out.

Fingerprints fail even the most basic requirements you could have for authentication: the ability to keep the authentication token private and the ability to change the token when it gets compromised. Yet more and more smartphone manufacturers are hopping on the bandwagon, eager to sell a defective-by-design product. Their excuse: “People don’t like bothering with unlocking their phones. Giving them a hassle-free but weak protection is better than them not using any protection at all”. Makes sense. And like so many things that intuitively make sense, this is utterly wrong. No protection at all is actually better than weak protection.

Think about it. Would you put your valuables in a box that cannot be locked? Probably not. Your smartphone is a box that is designed to serve as your digital wallet and your online passport. The “smart” part of your phone is all about you storing as much sensitive information about yourself (credit card number, accounts, bookmarks, contacts, appointments, …) on the device as possible. The “phone” part is just an appendage for making calls. You wouldn’t use the “smart” part to its full potential (or at all) if you couldn’t convince yourself that your personal information is well protected. But if you didn’t trust the “smart” part enough to use it, you could simply buy a much cheaper flip phone.

There is no good reason to trust a smartphone. Flip phones were network-centric devices and, in the past, provided great customer binding for the telcos: you’d sign up with the same service your friends were on in order to get cheaper call rates, and you wouldn’t switch services easily because that meant having to tell everyone your new number. Smartphones are data-centric devices. They provide great customer binding for whoever manages to hold your digital assets hostage. The more stuff a smartphone vendor can coax you into putting into their (cloud) service, the less likely you are to switch brands (that’s why you get free cloud storage, email addresses, … everywhere). It’s really the same game Microsoft has successfully been playing with Office for ages, and everyone eventually learned to regret building on proprietary file formats.

No protection at all is the safer way to go. If you don’t/can’t trust your phone to keep your digital assets safe, then you’ll instinctively store less on it. This significantly lowers your risk of identity theft and, more importantly, vendor lock-in. The latter is the thing you really should be concerned about, because that’s what will cost you money in the long run for sure.

Fingerprint sensors, just like lock screens, are a security placebo. Smartphone manufacturers put them into their devices not because they provide actual security, but because the product wouldn’t sell otherwise. The whole business model really depends on somehow making you believe that a garden shed with a $5 padlock is a suitable place to store your family jewels.
