Touch ID and passcode protection for every app would protect our data no matter where it is, or who's trying to access it.
Right now, if I hand my iPhone or iPad to someone to see a photo, social media posting, make an emergency call, or check out a website, I'm also handing over access to all my messages, personal photos, and even passwords and credit cards. iOS 10 has just shipped, and iOS 10.1, iOS 10.2, or iOS 10.3 might have a trick or two up their sleeves. But Apple's already hard at work setting up for iOS 11, and one of the things I'm hoping makes the feature list is optional Touch ID and password protection for every app.
Touch ID everywhere
That's far, far easier to write than to engineer of course. Apps are interconnected. With Photos, there's the ImagePicker that lets you pull images and videos into other apps. With Messages, there's the Share Sheet extension that lets you send almost anything to almost any one. With Health, there's syncing data both into and out of other apps and even accessories.
Managing all of that at the app level — which is what the Touch ID API allows everything from password managers to bank apps to do already — is one thing. Managing all of that at the individual item level us quite another.
In other words, you don't get asked for Touch ID or a password simply to open the Notes app. You get asked for Touch ID or a password to open protected notes inside the app. That same kind of granularity could apply to other apps, depending on the type of data they contain.
For example, Messages could allow the protection of individual conversation threads. Health of entire categories. Photos could offer both protected Albums and protected pictures and videos.
Albums would require passcode or Touch ID to open, individual pictures and videos would be visible and accessible only when the protected album was unlocked. Neither would show up in Moments, Collections, Years, or ImagePickers outside the protected album.
Protecting the entire app, like a password manager or bank client, could make sense for Notes, Messages, Health, and other apps as well. It could be enabled on an app-by-app basis in Settings, the same way Notifications or Location are. Toggle on and you're asked for your passcode or Touch ID. (Whether or not per-app passcodes would be beneficial or burdensome is another question.)
Protecting the individual items, like in Notes for iOS 9.3 might only make sense in some specific cases. Either way, just like Notes, it would let us keep any health, financial, picture, document, password, or other data safe and secure, regardless of what it is or where we keep it.
(If done right, it might even obviate the need for a Guest Mode and GuestBoard.)
App Store apps could even move their Touch ID options out of the per-app settings and into the unified Touch ID settings, making for a more consistent experience.
The biggest issue is the passwords themselves. Notes requires you to create a specific password just for Notes, which then also allows Touch ID to "fill" it. Having to create — and remember — an app-specific password for each app would be odious if not impossible.
Currently I only remember my 1Password app password, and copy out everything else to paste in for my banking app, even Notes when it doesn't come immediately to mind.
Perhaps Keychain could help here, perhaps I'm just leaving in a beautiful dream world. Either way, here's hoping Apple is already working on something like that for an iOS 10 update... or iOS 11!
What's on your wish list?
What do you want to see when it comes to iOS 11 app security? Let me know!
I've filed this as a feature request with Apple: rdar://24817355. If you have any ideas about securing iOS at the app or item level, let me know below!