Apple iOS vs Android: What Are the Differences in Biometric Authentication?

iOS vs. Android: Biometric Authentication

If anyone tries to persuade you that biometric authentication has killed the traditional password, don't believe them. Although we use fingerprint readers and facial recognition multiple times a day, we still have passwords, and this is unlikely to change any time soon.

Fundamentally, biometrics has revolutionized the way we think about the security of our mobile devices. Before fingerprint readers became mainstream, quite a few people had smartphones that weren't protected in any way. Users just couldn't be bothered to enter passwords or draw patterns every time they wanted to check on their Facebook feed, and so, they disabled all the security mechanisms, and in the process, they left some extremely sensitive information exposed. After biometrics arrived, these users were finally presented with an easy-to-use, lightning fast authentication system that, as an added bonus, made people feel like James Bond.

Setting the trend and following it

Knowing full well that we might upset some people, we're going to credit Apple with making this revolution possible. Indeed, some Windows phones were fitted with fingerprint readers long before the iPhone 5S, and Android gadgets have had some form of facial recognition since the early versions of Google's mobile operating system. There's no denying the fact, however, that Apple was the company that brought biometric authentication to the masses.

With that said, you don't need to own an Apple device to have biometric authentication. Shortly after Touch ID made its debut, many Android smartphones and tablets got fitted with fingerprint readers. At first, this type of technology was only available on expensive, flagship devices, but gradually it found its way to cheaper phones. Last year, when iPhone X came out, many Android fans suddenly found themselves wanting to unlock their phones just by looking at them, and manufacturers had no choice but to improve and re-introduce the facial recognition feature in their higher-end devices. Soon, it will probably be more widely available.

All in all, when it comes to biometrics, owners of iDevices tend to get the technology first, but Android users receive it at a lower cost. Does this mean that the features they have aren't as good? Let's take a closer look.

Fingerprint readers in iOS and Android

Apple introduced Face ID because it wanted to produce a phone that had an edge-to-edge screen and no bezels. As a side effect, the fingerprint reader embedded in the Home button was removed. Android manufacturers, however, aren't ready to let it go that easily. They too want to minimize the size of the bezels, but they also want to keep the fingerprint authentication feature which is why they are moving the reader under the screen.

In-screen fingerprint authentication is still a new concept, and although it's available on a few production devices, reports suggest that compared to the more traditional hardware, it is somewhat slow. Then again, if you are old enough to remember the first generation of touch screens, you'd know that if there's a demand for it, the technology will be developed quickly.

When it comes to older fingerprint readers, both Android fans and owners of older iDevices have nothing to complain about. Even the first generation of Touch ID is reliable enough, and more recent implementations on both Android and iOS unlock the devices in milliseconds.

Many Android devices have their fingerprint readers on the back which, according to some, is an ergonomic nightmare, though this is more likely due to them being used to one layout, and not the other. In short, while in-screen readers have some catching up to do, the physical fingerprint scanners are reliable and fast enough regardless of whether you choose Android or iOS. The same can't be said about face recognition, though.

Face recognition in iOS and Android

As we mentioned already, facial recognition in smartphones isn't exactly a new feature, but it must be said that although it is available on older Android devices, it can't be considered a viable authentication system. Apple's Face ID is a much more secure implementation of the technology, and it's fair to say that the Cupertino-based giant is rather proud of it.

They even say that it's much better than Touch ID which is quite a claim. When you're trying to unlock your device, Face ID projects no less than 30 thousand infrared dots on your face. A sensor "sees" where they are, and if they match the correct location, the system unlocks the device. According to Apple, 1 in 1,000,000 faces might be able to fool Face ID. By comparison, the odds of bypassing Touch ID sit at just 1 to 50,000.

As we mentioned already, Face ID made facial recognition technology relevant, and for the last year or so, Android device manufacturers have been trying to implement it into their new products with mixed success. Some of the phones and tablets do come with clever technology, but with others, bypassing the facial recognition feature requires nothing more than a photograph. Some of the manufacturers themselves realize that what they have isn't secure enough, and they don't let you authorize payments through facial recognition alone. If that's the case, make sure you don't put too much trust in this particular feature of your device. This, by the way, brings us neatly into a question many people are asking.

Is biometrics' security bulletproof?

No, it's not. Mere weeks after Touch ID's debut, security professionals showed that if you collect the fingerprint of the device's owner, you can create an accurate replica and successfully bypass the authentication system. More or less the same thing happened when a scary-looking 3-D printed mask defeated Face ID shortly after it was introduced. Rumor has it that manufacturers are now working on iris-scanning technology which will probably suffer the same fate, and although the more widely publicized attacks are usually aimed at Apple devices, Android users are just as vulnerable. But just how vulnerable are you?

With the exception of older or less sophisticated face recognition features in some Android devices, bypassing a biometric authentication in this day and age requires quite a lot of skills, effort, and luck. Attackers aren't prepared to go through all that trouble if the profit in the end isn't worth it. And fortunately, in most cases, it isn't.

We're happy to say that the manufacturers have done what they can to ensure that there is no easy way of attacking biometric authentication systems. The biometric data never leaves your device, and the way it's stored doesn't allow hackers to reconstruct your face or fingerprint from it.

What all this means is that while biometric authentication can be hacked in theory, for most of you, this doesn't mean that you should stop using it, regardless of whether you prefer iOS or Android.

November 7, 2018

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 4 + 10 ?