You know, it could also be a side effect and not the intention of apple at all. It's easy to think it all one big conspiracy.
Do you really believe it could be the case?
"Never attribute to malice that which is adequately explained by stupidity." --
Robert J. Hanlon in some form or another
It's far more likely to have been an unintended side effect than deliberate sabotage. They aren't stupid enough to try that, because if someone did sue, the paper trail would come out in discovery, which would be devastating.
A couple of really lame things Apple did:
1. Making the touch sensor part of the security module. Match the fingerprints in the main CPU -> problem solved.
2. Not giving the Apple stores the key reset software. If people could just go in and get their phones fixed, it wouldn't be a big deal.
No, those are not lame, they're incredibly smart. No offense, but you clearly know
nothing about security design.
Those things are critical to the security of Touch ID, which in turn is critical to the enhanced security of Apple Pay (which far exceeds that of a physical card,
providing the issuing bank actually performs its due diligence when linking to an account). If you do fingerprint sensing in the main CPU, it can be hacked. This
completely eliminates that attack vector.
As for not sharing the keys with Apple: If Apple has them, then Apple can be compelled by law enforcement to produce them. By never having the keys, Apple eliminates their ability to rat me out to the government. (Apple's
stance on privacy/encryption is clear, and viewed with those principles in mind, these design decisions make total sense.) Strictly speaking, you said "key reset software" -- but that implies that a back door exists by which the keys could be changed. That's horrible design security. The best systems destroy the keymaking device, such that it becomes impossible to recover or reset keys.
But there is more, for instance consider this:
Your backup has your fingerprint biometric. Isn't your fingerprint worth protecting?
No, it does not.
http://www.geek.com/apple/apple-wants-to-store-touch-id-fingerprints-in-the-icloud-1613633/
Patent != intent.
The only reason this is news is because it's Apple.
Spot on.
Tamper resistance = brick your phone. Sorry - that doesn't work for me.
I don't have a problem with the philosophy, just the execution.
Devil's advocate: What if someone managed to transplant a Touch ID sensor (complete with its Secure Enclave) to another phone and succeeded in using it to log into an account that wasn't theirs? We both know damned well that Apple would be crucified by the media.
But that's besides the point. On what planet does it not make sense to authenticate the biometric peripheral? The implementation is just that, the implementation, but the principle is still sound. And entirely justified. It's Apple's product and they get to design it and implement it however they like.
It was not designed for hardware replacements in mind, nor was it designed for users to replace components on the phone, no smartphone is. The TouchID has one purpose, and it's only natural it would be a pain for a 3rd party to temper with. As a user I am glad it is.
If this was the screen or the battery we're talking about then I might have a different opinion about it.
This. It's an unfortunate side effect of encryption that it hampers interoperability. But there's simply no way around it. As our devices store more and more highly personal, confidential information on them, the need for extreme security continues to grow. And this security relies on the fact that the mechanisms cannot be circumvented, disabled, or reset. Otherwise, you may as well not have them at all.
Now go and check how many patents Apple have and how many of them are actually implemented in some kind of device. They register tons of useless (from engineering point of view) patents just in case, so they can use them against competitors if something like it will be actually implemented someday.
Absolutely true, as I said above. That said, if you follow how much time hackers spend reverse-engineering all the security in iOS devices already, you'll know that Apple
must go to extreme measures if it is to maintain the level of security that consumers demand of a device that holds their entire digital life.