As security systems go, wrist detection is clever: It lets you have the convenience of accessing your Apple Watch without having to continually re-enter your passcode or password, but provides enough security to protect your data, including Apple Pay credentials under normal circumstances. In that way it's similar to Touch ID, which can unlock your iPhone or iPad based on your fingerprint.
The problem is, if someone really wants to target you, and they're a highly skilled thief, they can remove your Apple Watch and keep their own fingers on the sensors long enough to maintain skin contact and keep authentication alive. (There's a one-second window to prevent accidental re-lock due to regular movements of the watch on your wrist, so that's the time gap they'd have to work with). Likewise, if someone really wants to target you, and they're a highly skilled thief, they can lift your fingerprint and make a double for use with Touch ID. It's not a likely occurrence for the vast majority of people the vast majority of the time, and it's not something to be scared or sensational about, but it is something everyone should be aware of.
Well this is always been true, while this has always been true, it gained attention today following a story by Gadget Hacks.
Neither are flaws or bugs or exploits. Both are conveniences, and conveniences always come at the expense of security. Want Siri or Control Center on your iPhone Lock screen? Someone can ask for your contact details or put your phone into Airplane mode. Don't want that to happen? Turn of Siri and Control Center on your Lock screen. Likewise, worried about skilled fingerprint forgery or pick pockets, don't use Touch ID or wrist detection.
Personally, I'm fine with wrist detection, just like I'm fine with Touch ID and Siri. I'm not fine with Control Center so I disable that on the Lock screen. Apple provides tools, I choose which ones I want to use.
With Apple Watch, you do have the option of immediately revoking Apple Pay using your iPhone or iCloud.com. You don't even need to make a phone call to your issuer or go through a procedure.
If somehow someone finds you incapacitated, or incapacitates you, then the Apple Watch is no more or less at risk than anything else in your possession. That includes your iPhone, which can be unlocked with your own finger, and your wallet, car keys, and other valuables.
I do wish iOS and Watch OS would provide the choice to require both passcode and wrist detection or passcode and Touch ID, so those who are really concerned about security could give up convenience for the additional security two-step provides.
Absent that, wrist detection on Apple Watch is the same as anything else — don't let anyone scare you. Be informed and make the best choice for you.
