Skip to main content

More than Notes, we need Touch ID protection for every app

With iOS 9.3 Apple will be giving us the ability to secure notes in the Notes app with TouchID or a password. It's a great way to keep personal information protected, but only if you keep it in Notes. Imagine if Apple took the feature and made it system-wide. That way, whether it's your photos or messages, your mail or health data, you'd be able to secure it with Touch ID or a password.

Touch ID everywhere

Touch ID sensors on multiple iPhones

Touch ID sensors on multiple iPhones (Image credit: iMore)

That's far, far easier to write than to engineer of course. Apps are interconnected. With Photos, there's the ImagePicker that lets you pull images and videos into other apps. With Messages, there's the Share Sheet extension that lets you send almost anything to almost any one. With Health, there's syncing data both into and out of other apps and even accessories.

Managing all of that at the app level — which is what the Touch ID API allows everything from password managers to bank apps to do already — is one thing. Managing all of that at the individual item level us quite another.

In other words, you don't get asked for Touch ID or a password simply to open the Notes app. You get asked for Touch ID or a password to open protected notes inside the app. That same kind of granularity could apply to other apps, depending on the type of data they contain.

For example, Messages could allow the protection of individual conversation threads. Health of entire categories. Photos could offer both protected Albums and protected pictures and videos.

Albums would require passcode or Touch ID to open, individual pictures and videos would be visible and accessible only when the protected album was unlocked. Neither would show up in Moments, Collections, Years, or ImagePickers outside the protected album.

Scaling security

Protecting the entire app, like a password manager or bank client, could make sense for Notes, Messages, Health, and other apps as well. It could be enabled on an app-by-app basis in Settings, the same way Notifications or Location are. Toggle on and you're asked for your passcode or Touch ID. (Whether or not per-app passcodes would be beneficial or burdensome is another question.)

App Store apps could even move their Touch ID options out of the per-app settings and into the unified Touch ID settings, making for a more consistent experience.

Protecting the individual items, like in Notes for iOS 9.3 might only make sense in some specific cases. Either way, just like Notes, it would let us keep any health, financial, picture, document, password, or other data safe and secure, regardless of what it is or where we keep it.

(If done right, it might even obviate the need for a Guest Mode and GuestBoard.)

Here's hoping Apple is already working on something like that for iOS 10... or beyond!

I've filed this as a feature request with Apple: rdar://24817355. If you have any ideas about securing iOS at the app or item level, let me know below!

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • It would be great if Touch ID was everywhere (including the Mac).
  • That would be great to have on Mac... Use MacID app .. Helps lock and authorise changes on Mac... And many more features Sent from the iMore App
  • Does this mean the protected notes are encrypted when backed up to iCloud?
  • Hard to say given Apple doesn't publicist these things, but I take it to mean only that the notes are "passcode protected" by your system password (and Touch ID). They might be encrypted as well, but if they aren't passcode protected in the Cloud, then Apple is not doing it's job very well.
  • My device is jailbroken and I have Biolockdown by Rya Petrich and this tweak have all sorts of customization like protect the device from power down, it protects an incoming call from being displayed until you authenticate with your fingerprint and a bunch of useful stuff more
  • So you jailbreak your phone, you allow a sketchy third party security app from Cydia, made by ... "some guy," to access the Touch ID sensor and the secure enclave, and then you come here to advise us on "security"??? Hmmm.
  • I would think true multiuser support is the proper answer to the problem you describe. You don't secure every application on your desktop with a password. That doesn't exist because no one would ever want to do that. You just setup separate user accounts for separate people. Apple is adding multiuser support to iPad for schools in 9.3. I suspect will see a full rollout of multiuser support in iOS 10 (X?).
  • That'll be awesome, specially to answer a phone call, photos, calendar, wallet, social media apps.. The list keeps going. Sent from the iMore App
  • I like the idea of extending Touch ID to apps like Notes in general, (and Pages!) but the picture this article paints is a bit horrendous isn't it? Touch ID doesn't work *all* the time, and it's also "fiddly." The absolute confusion created, by using it not only on a system level, and not only on an app level, but also on a sub-app level, all at the same time would be a nightmare. It's a classic case of diminishing returns. The confusion and difficulty would completely outweigh the utility, and overall it would make people *less* likely to use Touch ID and more likely to just throw up their hands and forget about using it anywhere at all. Touch ID for apps that handle documents or sensitive information makes a great deal of sense. Touch ID "let loose" in the manner suggested here would be a PC nightmare and just encourages a culture of paranoia. There is a lot of information that customers may *believe* is "secret," or that they may *wish* to be so, but for the most part these things aren't really anything that needs to be secret at all. If you have, and use Touch ID on your phone just to get into it, you certainly don't need to also Touch ID your health information (or as suggested, just some categories of it). That's just crazy talk and would do more harm than good.
  • Reminder to you that Touch ID can be beaten with play-doh ;)
  • Not true actually.
  • I don't just leave my fingers laying around though.
  • Touch ID doesn't require a warrant. A law enforcement officer can compel you to use your finger to unlock your phone. In other words, Touch ID is NOT protected by the Fifth Amendment whereas your password is. While it's nice to have Touch ID quickly and securely unlock your phone and apps, it's not protected in a court of law.
  • I don't think this is actually true but even if it was, when you're arrested you'd probably be sweating and that would render Touch ID inactive anyway. On a more serious note, Touch ID is actually just a convenience to get through the passcode more easily. The phone has to be locked with a passcode for Touch ID to work, so I'm pretty sure if it went to court it would be the same thing. In any case I can't see the cops tying folks down and forcing their fingers onto the button one at a time to see which one works. If that's actually possible in your country, you should move to a free country instead. Also, if you see the cops coming, you could just turn off your phone. The passcode is required after a reboot.
  • Or don't break the law. That's the easiest way to comply.
  • Innocent people get arrested every day. Sent from the iMore App
  • You're absolutely delusional if you think only people that "break the law" are bothered/harassed by cops or arrested. The fact is that the *majority* of people stopped by police and handcuffed in the street or searched, are actually 100% innocent at the end of the day and are released. You can look this up quite easily, it's been true for at least the last 20 years or so in the USA. Cops routinely use this as a way to search people who they find "suspicious" (i.e. - black, hispanic, poor, etc.). As long as they eventually drop whatever trumped up charge they made, the individual has no (practical) legal recourse. This is why the USA is effectively a "police state." The cops have absolute authority to do pretty much whatever they want because unless you are rich, what are you going to do about it? File a false arrest claim? Where are you going to get the money to fight that multi-year court battle? And who's going to care?
  • Especially for photos.
  • Oh for crying out loud, how much more security do you friggen need! It's painful enough now let alone another layer... My phone is my phone and no other child (my own) are allowed on it and neither do I give it to other adults... Apple have made the phones secure enough... Even the FBI can't get in ;-)
  • I want for whatsapp Sent from the iMore App
  • Oh please, god, no. The last thing I want to be doing is hunting through my phone for every last photograph, item of web history, iWork document, note, etc, etc, etc, and having to decide for each one whether it needs to be iTouch protected. The clear answer to the kind of thing you're talking about is multiple user accounts. No need for the admin overhead of trying to figure out what requires protection - it's all protected.