Apple Watch, Apple Pay, and wrist detection: What you need to know

As security systems go, wrist detection is clever: It lets you have the convenience of accessing your Apple Watch without having to continually re-enter your passcode or password, but provides enough security to protect your data, including Apple Pay credentials under normal circumstances. In that way it's similar to Touch ID, which can unlock your iPhone or iPad based on your fingerprint.

The problem is, if someone really wants to target you, and they're a highly skilled thief, they can remove your Apple Watch and keep their own fingers on the sensors long enough to maintain skin contact and keep authentication alive. (There's a one-second window to prevent accidental re-lock due to regular movements of the watch on your wrist, so that's the time gap they'd have to work with). Likewise, if someone really wants to target you, and they're a highly skilled thief, they can lift your fingerprint and make a double for use with Touch ID. It's not a likely occurrence for the vast majority of people the vast majority of the time, and it's not something to be scared or sensational about, but it is something everyone should be aware of.

Well this is always been true, while this has always been true, it gained attention today following a story by Gadget Hacks.

Neither are flaws or bugs or exploits. Both are conveniences, and conveniences always come at the expense of security. Want Siri or Control Center on your iPhone Lock screen? Someone can ask for your contact details or put your phone into Airplane mode. Don't want that to happen? Turn of Siri and Control Center on your Lock screen. Likewise, worried about skilled fingerprint forgery or pick pockets, don't use Touch ID or wrist detection.

Personally, I'm fine with wrist detection, just like I'm fine with Touch ID and Siri. I'm not fine with Control Center so I disable that on the Lock screen. Apple provides tools, I choose which ones I want to use.

With Apple Watch, you do have the option of immediately revoking Apple Pay using your iPhone or iCloud.com. You don't even need to make a phone call to your issuer or go through a procedure.

If somehow someone finds you incapacitated, or incapacitates you, then the Apple Watch is no more or less at risk than anything else in your possession. That includes your iPhone, which can be unlocked with your own finger, and your wallet, car keys, and other valuables.

I do wish iOS and Watch OS would provide the choice to require both passcode and wrist detection or passcode and Touch ID, so those who are really concerned about security could give up convenience for the additional security two-step provides.

Absent that, wrist detection on Apple Watch is the same as anything else — don't let anyone scare you. Be informed and make the best choice for you.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

8 Comments
  • Has there ever been anyone, anywhere who has actually had their fingerprint lifted and a "fake finger" made? Outside of technical demonstrations that is. The very idea that a thief is going to do this CIA level crap is just ridiculous, and it seems to be included here just for sensationalism.
  • It kind of fits in with the smug Apple user perception really. I honestly think a lot users believe the marketing that they actually own something so unique and rare
  • Highly improbable. There's more of a possibility of someone incapacitating you and using your fingerprint to unlock a device than the "super spy, Mission Impossible" fingerprint casting.
  • he never mentioned a fake finger... Sent from the iMore App
  • Initially I turned off both Control Center and Siri from the lock screen but when iOS 8 and the "Hey Siri" trigger was released I decided to turn back on Siri access from the lock screen so I'm right there with you Rene. I just wish you could turn off Siri's access to settings (airplane mode, etc.) from the lock screen but I'm not super paranoid about someone stealing my phone and turning off the wireless so I can live with the settings we get to choose from.
  • I do think that Apple really needs to release some form of Activation Lock for the Apple Watch, I don't know exactly how it would be implemented but I feel like it's a pretty big oversight either way.
  • What I need to know. Apple pay isn't in the UK. That's all I need to know. No watch until it is. Sent from the iMore App
  • A tangential comment, sparked by Mr. Ritchie's comment that "Apple provides tools, I choose which ones I want to use." Unless I have missed something -- perhaps I have -- Apple has not provided one crucial Apple Pay tool, the lack of which will forever keep me from Apple Pay on iPhone and Apple watch: The tool that allows me to keep my Apple Pay credit cards fully registered even when I take the password off the phone at home, after work. As is, when I turn off the password protect after work at home, Apple erases my cards, and Bank of America and Amex, to take two examples, send emails saying their cards have been erased from Apple Pay. My wallet has far, far more valuable credit cards in it, without a wallet password; and, re-entering the cards each day is way more work than the simple act of paying by credit card. I don't need Apple to nanny my Apple Pay, thank you.