On September 10, 2013, Apple unveiled the iPhone 5s, and with it, they introduced Touch ID. Like many other features found in our mobile devices, Apple wasn’t the first to introduce fingerprint recognition technology – that credit goes to Toshiba, who incorporated the technology in their G500 and G900 series phones way back in 2007 – but Apple was certainly the company to make the technology mainstream. Very secure and integrated seamlessly with the rest of iOS, Touch ID allowed users to unlock their phones quickly and easily, as well as authenticate purchases in the iTunes Store and App Store – and since September, 2014 introduction of the iPhone 6 and 6 Plus, it can be used to authenticate Apple Pay purchases, as well.
Following the release of Apple Pay, several manufacturers of Android phones followed suit, and now fingerprint recognition is present in most flagship Android phones – the Pixel and Pixel XL included. The Pixel line uses the “Pixel Imprint” for fingerprint recognition, which is the successor to the “Nexus Imprint” technology introduced with the Nexus 6P and Nexus 5X. Located on the back of the device instead of the front, the Imprint sensor can quickly unlock your phone or give you quick access to your notifications.
The Pixel Imprint technology is obviously quite a bit newer than the Touch ID technology – so, as can be expected, it’s not quite as full-featured as Touch ID. That said, let’s take a closer look at how they compare.
iPhone 7 – Touch ID
Apple’s Touch ID has grown quite a bit since its introduction in 2013. Built into the Home button of your iPhone, Touch ID essentially activates when it detects a finger on the sensor, comparing the print to the fingerprint stored in the secure enclave of the phone’s chip. The first generation of Touch ID, available on the iPhone 5s, iPhone 6/6 Plus, and iPhone SE as well as several iPad models, was used for two purposes – a quick, convenient way to unlock your iPhone, and a quick, convenient way to authorize purchases made in the iTunes Store or App Store. On September 9th, 2014, during the keynote announcing the iPhone 6 and 6 Plus, Touch ID’s functionality was expanded to include the ability to authorize Apple Pay purchases, as well.
The second-generation Touch ID was introduced alongside the release of the iPhone 6s and 6s Plus in September of 2015, featuring improved fingerprint recognition and upgraded hardware that is capable of unlocking your device almost instantly. The iPhone 6s, 6s Plus, 7, and 7 Plus are the only phones featuring the second-generation Touch ID sensor, although it was recently introduced in the 2016 MacBook Pro, as well. The second-generation Touch ID is quick, secure, reliable, convenient, and works seamlessly within iOS.
Google Pixel – Pixel Imprint
As mentioned before, the success of Touch ID spurred a number of Android manufacturers to add fingerprint sensors into their smartphones. However, due to the slew of companies manufacturing Android phones, the entire system for fingerprint authentication in the Android ecosystem is quite fragmented. According to computer security firm Elcomsoft, “different manufacturers used very different… everything. From fingerprint scanner technology to authentication API, each of the many OEMs were inventing their own wheel, some of them square.” Samsung has their own fingerprint authentication system and HTC has another, as does LG and a number of other manufacturers, including, yes, Google itself. And until Google entered the game, the quality of each fingerprint authentication system varied wildly – some were great, and some were full of security holes.
Google’s first foray into fingerprint authentication was known as Nexus Imprint, which was released alongside the Nexus 5X and Nexus 6P devices in the fall of 2015. The Nexus Imprint was both fast and secure, living up to Google’s rigid standards for accuracy and security. With the release of the Pixel line of smartphones, Google has renamed Nexus Imprint “Pixel Imprint”, and added some fun new features. Like Touch ID, Pixel Imprint is incredibly fast, secure, and reliable – it’s one of the finest fingerprint authentication systems on the market.
With fingerprint readers, there aren’t a whole lot of “features” to speak of. Both Touch ID and Pixel Imprint can unlock your phone almost instantly, both can authorize payments on the App Store/Google Play Store respectively, both allow users to register a number of fingerprints, and both are already open to third-party apps. They work very similarly.
That’s not to say there aren’t any differences, however, with the most obvious difference being the placement of the sensor. On the iPhone 7, the Touch ID sensor is located on the new capacitive home button, while the Pixel Imprint sensor is located on the back of the device, “where your finger expects it,” according to Google. Both are plenty convenient, and boils down to preference. The Pixel Imprint has the added functionality of displaying your notifications when you swipe down on the fingerprint sensor with your index finger – a minor convenience when operating your phone one-handed, but nothing groundbreaking. Touch ID has the advantage of maturity – it’s been around longer, and has been integrated into more third-party apps than Pixel Imprint has. The Amazon app, for example, supports Touch ID, but has yet to integrate support for Pixel Imprint (although it will likely be supported in the very near future).
When Touch ID was first introduced, ZDNetcalled it a “big win” for security, claiming that, at the time, “about half of iPhone users don’t bother with passcodes,” making theft of one “low-hanging fruit for thieves.” Fingerprint authentication made iPhones much more difficult to steal and gain access to. Touch ID assuredly has also saved parents around the world countless dollars, preventing the all-too-familiar scene of children unknowingly racking up huge bills of in-app purchases while playing seemingly harmless games.
Although Touch ID can still be bypassed using a passcode, causing some to say that it represents a net security decrease for each device, it was initially designed to make it easier for users who don’t use a password at all to secure their device. That said, Apple has taken a number of steps to ensure that Touch ID is as secure as possible. As Elcomsoft stated in a blog post about Touch ID, “each fingerprint reader is individually paired with the rest of the system at the factory,” and users’ fingerprints are “stored on the Secure Enclave, and is never transferred to Apple servers or iCloud.” Users must also enter a passcode to use Touch ID after a device is rebooted or power cycled, after a new fingerprint is registered, if a lock command is issued from Find My Phone, after 5 unsuccessful login attempts, if the device hasn’t been unlocked in 48 hours, and/or if the device hasn’t been unlocked using a passcode in 6 days and hasn’t been unlocked with Touch ID in over eight hours. All of these security measures make it incredibly difficult for anyone other than the phone’s owner to access the device. Elcomsoft called Apple’s implementation of Touch ID “exemplary.”
As mentioned before, security on Android’s fingerprint scanners was all over the map, with different manufacturers rushing to incorporate their proprietary fingerprint scanning technology in their phones – with varied results. Once Google entered the foray, however, things began to streamline. With the release of Android 6.0 Marshmallow, Google included an official Android fingerprint API, complete with rigid hardware and software requirements for solid security and performance. Elcomsoft calls the current implementation of fingerprint authorization (in devices running Android 6.0 and newer) “a well thought through security model.” As with Touch ID, the Pixel Imprint stores fingerprint data on a secure area of the main processor, called the “Trusted Execution Environment” – similar to Apple’s “Secure Enclave.” However, some of the security features that Apple has implemented for Touch ID aren’t required for Android devices. For example, although Pixel Imprint requires devices to authenticate with a passcode before registering fingerprints, fingerprint unlocks do not “expire” – users can unlock with a fingerprint even after a reboot or after long periods of idling or storage. Pixel Imprint sensors also aren’t paired with the device at the factory, meaning someone looking to access a Pixel device could theoretically replace the sensor and register their own fingerprints (although a passcode would still be required to do so). Although the security is solid for the average user, it wouldn’t be recommended to store government secrets on a Pixel device.
Like many other aspects of the Pixel series, the Pixel Imprint is a solid implementation of fingerprint authentication hardware and software – certainly the finest Android has to offer at the moment. That said, Touch ID is a bit more mature and thus a bit more secure than Pixel Imprint, which still has a bit of room to grow in the future.