iOS 11 Has a Feature To Temporarily Disable Touch ID

A new feature baked into iOS 11 lets you quickly disable Touch ID, which could come in handy if you're ever in a situation where someone (a cop) might force you to unlock your device. Cult of Mac reports: To temporarily disable Touch ID, you simply press the power button quickly five times. This presents you with the "Emergency SOS" option, which you can swipe to call the emergency services. It also prevents your iPhone from being unlocked without the passcode. Until now, there were other ways to temporarily disable Touch ID, but they weren't quick and simply. You either had to restart your iPhone, let it sit idle for a few days until Touch ID was temporarily disabled by itself, or scan the wrong finger several times. The police, or any government agency, cannot force you to hand over your iPhone's passcode. However, they can force you to unlock your device with your fingerprint. That doesn't work if your fingerprint scanner has been disabled.

"Baked into"

[Viol8]

Please stop using this idiotic supposedly "cool" terminology, this isn't a cooking site or a hipster hangout. Just say "included with" FFS.

Re:"Baked into"

[Presence+Eternal]

"Baked into" implies it's non-removable and non-optional. "Included with" implies it's optional. The terms are discrete and worth using.

Re:"Baked into"

I wasn't aware that the standard well-understood phrase "baked in", that has been around far longer than I have been alive and doesn't come from cooking, is now "cool" and "hipster".

Maybe it's time to stop worrying about hipsters hiding under your bed.

Re:"Baked into"

He does have a point though, tech world today is full of stupid, needless phrases that are meant to sound nice to investors and shareholders rather than actually describe something accurately.

We could say the mechanism is integrated, built-in, anything really. But no, let's use some appy-app appminology to appscribe apps and appctions a device comes pre-apped with.

Re:"Baked into"

[Calydor]

Imagine a birthday cake. You might make it with eggs, and sugar, and flour, a bit of oil and such. These ingredients all get BAKED IN and cannot be removed no matter how hard you try, you'll have to make a new cake from scratch to change their presence.

On top of the cake you put some candles. These candles are INCLUDED WITH the cake and can be removed at your leisure. Same with the frosting, you can scrape that off if you're careful, so it's included, not baked in..

Re:"Baked into"

[Presence+Eternal]

Perhaps it should only be used for talking about hardware. Clearly it would be fitting in that context. You go inform the Internet. I'll wait here.

Re:"Baked into"

These candles are INCLUDED WITH the cake and can be removed at your leisure. Same with the frosting, you can scrape that off if you're careful, so it's included, not baked in.

Oh god... I thought this phrase was simple enough although a bit annoying but if we have to work out for each item whether it can be metaphorically 'scraped off' then I'm with Viol8 - that's just more trouble than it's worth. Are we absolutely sure this feature can't be scraped off? What would it take?

Re:"Baked into"

I think the battle is lost as much as I'm on your side.

As for the arguments here that it's a distinction from "included" other terminology is available. If "baked-into" is supposedly mandatory but some exploit is found to remove or bypass it then what does it become?

Perhaps the best way to win this war is just to invite more stupid terminology. Let's not upgrade, let's "level up" our hardware and installation. Let's not have "Pro" as a suffix but "Boss", etc.

Re:"Baked into"

No, "baked into" implies the author is an arse.

Re:"Baked into"

[aaarrrgggh]

"Integrated" would be a less colloquial term and clearer and more transparent to a diverse audience.

Re: "Baked into"

Just no. "Baked" is clearly is food related so let's just use when talking about edible stuff... in phrases like "I sure would like to bake my salsage in that sweet MILFs oven"

Re:"Baked into"

It's also an easier term to coin while massaging sage scented beard oil into your soul patch while cruising along on a hover-board discussing the profound implications of embracing the semi-popular ideas..

But remember, hover-boards should not be used while consuming locally sourced craft beers!

Re:"Baked into"

Hiding under the bed is so mainstream. Hipsters hide in your pillowcase.

Re:"Baked into"

[hackwrench]

Baked into is really the older term and shorter to boot so who's being stupid here? There's nothing new to see here and I'm 40 years old. They said baked into about the space shuttle.

Re:"Baked into"

It's completely removable and optional; Apple just choses to advertise itself to anti-government hipsters while tacitly enabling the criminal element.

Re: "Baked into"

Anything in software can be removed, it's simply a matter of effort.

Good luck removing the sugar from a cake.

Re:"Baked into"

Why the hissy fit? 'Baking' is a term commonly associated with the electronics industry. For example, you might refer to the baking of a PCB.

Re:"Baked into"

"Integrated" would be a less colloquial term and clearer and more transparent to a diverse audience

And also has more syllables, a feature which clearly appeals to you.

Re:"Baked into"

Honestly, with the baking of a PCB, I'd be curious as to what other term you'd use. You smear it with solder paste, put components on top of the paste, and put it into a big ass oven at 500 degrees or so for 15 minutes to melt the paste, then put it on a cooling rack so the solder can solidify. If that's not baking, then I don't know what is.

Re:"Baked into"

[Austerity+Empowers]

I just thought the guy who added it was high at the time, we are about to get "High" Sierra from them. I can't think of how many times the subway "artist" baked my sandwich while totally baked, most recently after I was out in the sun too long and my skin was totally baked.

Re:"Baked into"

Imagine a birthday cake. You might make it with eggs, and sugar, and flour, a bit of oil and such. These ingredients all get BAKED IN and cannot be removed no matter how hard you try, you'll have to make a new cake from scratch to change their presence.

On top of the cake you put some candles. These candles are INCLUDED WITH the cake and can be removed at your leisure. Same with the frosting, you can scrape that off if you're careful, so it's included, not baked in..

No, it's more like the shards of glass inside the birthday cake. They're BAKED IN.

Re:"Baked into"

[bondsbw]

Many of the terms we use in computer technology comes from existing concepts. Just to name a few: application, file, virus, boot, handshake, cache, screen, menu, command, forum.

It doesn't matter that the words have a double meaning. It matters that they effectively communicate intent.

Re:"Baked into"

[JohnFen]

Yep, I'm even older and can attest that the phrase was very common from before I was born. It used to be electronics jargon, and software adopted it later.

Re: "Baked into"

I see definition 2 as

subject (something) to dry heat

This sounds like it applies to thermal annealing, which is what produces the O in MOS technology, so I'd say that "baked into" works for silicon hardware.

Re:"Baked into"

[TheFakeTimCook]

Honestly, with the baking of a PCB, I'd be curious as to what other term you'd use. You smear it with solder paste, put components on top of the paste, and put it into a big ass oven at 500 degrees or so for 15 minutes to melt the paste, then put it on a cooling rack so the solder can solidify. If that's not baking, then I don't know what is.

If you are doing reflow soldering at 500 deg. F for 15 minutes, you're going to be pulling out a charred, useless, potato-chip-looking specimen, unless most of that time was spent doing pre-heat and cooling profiles.

When we did prototype reflow in a toaster oven (with a temperature controller!) in our lab, IIRC, it generally took under 30 seconds at around 425 F to get a good flow of the solder-paste. Of course in our lab, we didn't use lead-free (RoHS) solder-paste, either. But still...

Re:"Baked into"

[TheFakeTimCook]

No, "baked into" implies the author is an arse.

No.

COMPLAINING about the generally-accepted term "baked into" implies the POSTER is an arse.

Re:"Baked into"

[TheFakeTimCook]

"Integrated" would be a less colloquial term and clearer and more transparent to a diverse audience.

Oh, FFS! Knock it off with the juvenile sophistry already!

Did you understand the intent of the term?

Then that is all that is required, unless we are talking about a "Scope of Work" or other contractual-type document, where every word must be clear and precise in its meaning. And if you want to do that, use German. It has a "one word, one meaning" aspect to its language.

In fact, I don't know the language; but if what I said above is actually accurate, I'm not sure you can actually make Puns in German at all...

Re:"Baked into"

[TheFakeTimCook]

It's also an easier term to coin while massaging sage scented beard oil into your soul patch while cruising along on a hover-board discussing the profound implications of embracing the semi-popular ideas..

But remember, hover-boards should not be used while consuming locally sourced craft beers!

Or using your iPhone to control them!

https://www.tomsguide.com/us/a...

Re:"Baked into"

[Viol8]

Generally accepted by whom? Not anyone I work with. They just think its comical.

Re:"Baked into"

[aaarrrgggh]

I had no issues with it... but bad English is a fairly universal language, and "baked into" would leave most non-Americans puzzled.

I see you

[Presence+Eternal]

Ain't it grand that with the 8, all someone will have to do is shove the phone in your face.

Re:I see you

[BasilBrush]

If that rumoured feature is there, then pretty obviously it would be programmed to also deactivate after the 5 presses on the home button.

Faceless ?

[Chiny]

Apple is a faceless corporate ? I'd have thought Apple had, and has, some very famous faces. That extends slightly down the pecking order, not just the top man; example, the UK has honoured and listens to, Jonathan Ive.

Re:Faceless ?

[blackomegax]

Jonathan Ive.Whom has not updated the core design of the macbook in like 10 fucking YEARS Jonathan Ive? lol what do they even pay him for.

Re:Faceless ?

Apple is a faceless corporate ? I'd have thought Apple had, and has, some very famous faces. That extends slightly down the pecking order, not just the top man; example, the UK has honoured and listens to, Jonathan Ive.

More like the UK listens to, and humors, Johnny Ive.

Re:Faceless ?

Then that person is known in at least two place : the UK and /.
I know about him from a few idiots screaming "Johny Ive!" and Johny Ive this, Johny Ive that on slashdot threads. Thus I do know the guy very superficially, know he's done macbooks but not which ones exactly, perhaps the core2duo ones and up.

Semantically though, you're speaking of faces. I don't know what the guy looks like. Haha!

Not in the UK

It's a shame that people assume that people reference the US as if its laws apply everywhere.

In the UK you can be compelled to hand over your passcode too.

Re: Not in the UK

What they mean is that cops can physically pin you down and press your phone against your finger. They can't physically make you give up your password (legally in most countries), best they can do is put you in jail until you do.

Re:Not in the UK

[Kid+CUDA]

What if you "forgot" it?

Re:Not in the UK

[black3d]

You'll be held in contempt until you provide it.

Re: Not in the UK

[johanw]

The cops can also start breaking your fingers one by one until you reveal the passcode. "Yes your honor, he came with his fingers stuck when we closed the door, a stupid accident".

Re:Not in the UK

[johanw]

Then you get a free treatment against memory loss. After being hung at your toes upside down for a day you might suddenly remember it.

Re:Not in the UK

[Applehu+Akbar]

It's a shame that people assume that people reference the US as if its laws apply everywhere.

Unfortunately, US laws ARE enforced all over the world.

Re:Not in the UK

its a site ran in the USA, shut the fuck up

Re:Not in the UK

Unfortunately, US laws ARE enforced all over the world.

Not all of them. There's a bunch of the ones that are not, that this feature does apply to:

- Freedom of speech
- The right to remain silent
- The right to join an opposing political party
- Separation of church and state.

Re:Not in the UK

The RIPA act allows for indefinite detention for people who don't give up passcodes. All a magistrate has to do is ask "will you give up your password" 25 times in a row, then for each "no", sentence the person to four years.

Re: Not in the UK

Why are these cops so obsessed with phones, and why would you care? The can pass a warrant to the telco, and get your call/sms history from there anyway. So they already know if you're talking to drug lords or terrorists. Similiar for facecebook etc. It is not as if the phone holds any great secrets.

Re:Not in the UK

Unfortunately, US laws ARE enforced all over the world.

Not all of them. There's a bunch of the ones that are not, that this feature does apply to:

- Freedom of speech - The right to remain silent - The right to join an opposing political party - Separation of church and state.

I don't understand. We don't actaully have those in the USA. We pretend we do.

Re: Not in the UK

[infolation]

Actually the UK police grab the unlocked phone out of the criminal's hand, like a mugger.

I know this probably sounds difficult to believe, but it's actually true.

Officers have become increasingly frustrated with criminals who refuse to hand over the passwords for their encrypted mobiles, denying them access to vital information.

But the Metropolitan police have come up with a novel solution, by snatching an iPhone from a suspect on the street before he had a chance to lock it.

Officers investigating a credit card racket realised that crucial evidence was stored on the phone of suspect Gabriel Yew, 45, that would be inaccessible without his password.

To get round the problem covert officers from Operation Falcon, the Met police team that investigates major fraud, seized the mobile from Yew's hand as he took a call in the street. They then tapped the screen to prevent it from locking while the evidence was being downloaded.

Re: Not in the UK

Actually the UK police grab the unlocked phone out of the criminal's hand, like a mugger

You know the British courts also put people in cells 'like kidnappers might', and if the police have a warrant they can break into a house 'like a burglar'... I'm not sure I see the issue with this tactic as long as they have a credible enough case to justify it.

Re:Not in the UK

[arth1]

In the UK you can be compelled to hand over your passcode too.

Not by the police, you cannot. That takes a magistrate's order.

Re:Not in the UK

[Golddess]

Then you better hope your jurisdiction is one which recognizes the fallibility of human memory.

I know you put it in quotes to indicate lying about forgetting it, but since it cannot be proven that you are lying about forgetting it, it doesn't really matter.

Re: Not in the UK

Would you be willing to mail me your unlocked phone then? I'll even pay for shipping.

Re: Not in the UK

I would, if you pay me a replacement phone (about $20) and I keep the SIM card.
The phone has no locking enabled.

Re:Not in the UK

[Carewolf]

It's a shame that people assume that people reference the US as if its laws apply everywhere.

In the UK you can be compelled to hand over your passcode too.

You can in the US too.

Re: Not in the UK

Fuck off seriously. If you can't see the difference then I feel sorry for you more then anything. Because you are a blind sheep. Slippery slope my friend.

Re: Not in the UK

Go move to Russia, then tell me about how bad the US is.

Those rights are still alive and well.

Re:Not in the UK

oh no, not contempt.

Re:Not in the UK

[JosKarith]

"Contempt of court" - ie a jail cell till you comply with the court's orders. Even if that lasts longer than the maximum sentence for the supposed crime.
If you ran a program that encrypted a portion of your computer's hard drive without giving you the unlock code there is no way you could know the code to give to the police. But under UK law you can be held in Contempt of Court and jailed indefinitely for not handing over when asked the code you don't know. And in these days of crypto ransomware running wild that's an even more scary concept.

Re: Wouldn't surprise me...

Wouldn't help.

Almost all of those Androids are also made by real faceless corporates and are chock full of proprietary firmware.

You custom XDA ROM is just skinning faceless corporate filth at a different layer in the system.

about time too

Passed out at a party and awoke to 2 ubers successfully ordered on my phone and a few calls that (I hope) I never made all undoubtedly using my sleeping finger to unlock. Apple finally catering for the drunk. Now if they can only put a breathalyser on messaging apps I can get back to my 12th pint.

Re: about time too

Dude... if you're in this position, you probably are life of the party and fucking awesome to have around.

On the other hand, you might want to consider changing a few things to make your life a bit easier.

Good luck

They can force me all they want. I can't even unlock that unreliable thing myself most of the time.

Re:Wouldn't surprise me...

[ioErr]

... if there's a secret button combo that reactivates Touch ID if it's been deactivated in this manner, but a combo that Apple only provides to law enforcement and other Government organizations.

If you're going to add a backdoor why not have one that just unlocks the phone without having to involve its original owner. That is, a backdoor that can be used without creating a witness who now knows about it!

what i find surprising

[sad_]

is that unlocking your phone with a password is considered different from using a fingerprint according to the law/police.

Re:what i find surprising

[OffTheLip]

Agreed, what is the difference if the police ask you to unlock your phone and you refuse?

Re: what i find surprising

[bsDaemon]

The difference is that the cops are already going to physically take your hand , stick it in ink, and force it onto paper if they have arrested you. They're going to go through your possessions and if they find keys, can try them on locks they also find on you.

They can't make you say anything though. In fact, they will specifically advise you of your right NOT to talk.

This is one of the reasons why biometrics make terrible single-factor authentication. If not for yubikey or smartcard as 2fa, I wouldn't use finger print on my laptop. Biometrics are better replacements for usernames than passwords, imo, especially given the limited ability to change most of them, and the fact that anyone who is in physical possession of both you and the device doesn't need your cooperation.

Re:what i find surprising

In one country. This is a non-feature for people in many countries. Can anyone give an example of a country other than the USA which makes this distinction?

Re: what i find surprising

[BasilBrush]

There's also the plausible deniability factor. "Gee, officer, you've got me so flustered, I can't remember the password."

Re:what i find surprising

[msauve]

"unlocking your phone with a password is considered different from using a fingerprint according to the law/police."

A fingerprint is physical, like a key. The taking of fingerprints does not fall within the category of either communication or testimony so as to be protected by the Fifth Amendment privilege. United States v. Wade, supra.

A PIN is knowledge, and protected.

Re:what i find surprising

[johanw]

The Netherlands for example.

Re:what i find surprising

The difference is that what you say to the police is protected by the 5th amendment, what you *are* near the police is not. The police are absolutely within their rights to look at you and observe your height, your build, your facial characteristics, the patterns of bumps of skin on your fingers, etc.

They are not within their rights to compel you not to be silent.

Re:what i find surprising

[Dan+East]

That's the US legal system for you. Obtaining textual type information - words, letters, numbers - is considered a form of speech, even when written. Law enforcement cannot coerce speech out of a person, spoken or written. Physical evidence and physical searches are allowed, and apparently courts are allowing the use of biometrics to access things fall into that category. At least for now until higher courts rule on this and provide proper guidance.

Re:what i find surprising

It's not considered different in the UK. However, in the real world it IS different, whether or not it's considered different.

They CAN take your finger print by force.

They CAN'T take your password by force, unless you wrote it down.

Re: what i find surprising

[JBMcB]

That works with police. It doesn't work with the courts, apparently.

Re: what i find surprising

Just admit its a stolen phone so you really don't know the code.

Not much punishment for stealing a grubby phone.

Re:what i find surprising

[decep]

From a legal perspective, there is not much difference. The law can compel you to provide a fingerprint or password. The difference is that they can physically force you to provide a fingerprint by simply manhandling you. For a password, there is no way for them to force you to provide it.

It does not mean you cannot be put in jail for failing to provide the password, but providing the information is always 100% voluntary.

If it exists in the physical world, the law can force you to provide it.

Re: what i find surprising

There's also the plausible deniability factor. "Gee, officer, you've got me so flustered, I can't remember the password."

Just a side note, but it is generally accepted in law that lying to a law enforcement officer or a judge is in and of itself a crime.

Yes such a thing can be quite difficult to prove in an acceptable way, but why take that risk when you don't need to?

If you lie about not remembering the password, if it later can at all be shown that isn't at all likely to have been possible, you'll either get in more trouble than before, or possibly get in trouble where you wouldn't have otherwise.

If you simply respond that you don't wish to speak without a lawyer present, you are not lying in your answer, that answer is pretty well expected, and said lawyer should know for sure if providing the password is too overstepping of their authority to request or otherwise not required to do.

Say the authorities somehow discover the password to your phone via other means than you telling them.
If they have actually overstepped their authority in doing that, there is a good chance all of the phones data can be stricken as evidence from the court records.

However if it turns out your password happens to be say your birthday or something you would have no real way to claim is forgettable, even if they overstepped their authority on collecting that evidence, now they can either charge you with lying to law enforcement or hold you in contempt for lying to a court, and that crime itself could very well provide the probable cause they previously lacked to use that evidence against you.

This is the entire basis for not saying anything yourself without running it through a lawyer first.
A statement that to you or I and in plain English may sound harmless enough likely has very different meaning in legalese, and your lawyers job is to make sure everything is translated properly, as well as any information you provide is actually required to be provided in the first place before you over-generously give them additional material to use against you.

Re: what i find surprising

[david_thornley]

From what I know (and it may be obsolete) it hadn't shaken out fully in the courts yet.

Re: what i find surprising

[Dixie_Flatline]

They can make you use your fingers, but you don't have to tell them which finger is the right one. Unfortunately, it doesn't look like you can force the iPhone to only accept one attempt before requiring a passcode, so they've got multiple tries at guessing which one is the correct one.

Re: what i find surprising

Until they call your number and the stolen phone rings (?)

Re: what i find surprising

That's because you put your SIM card in?

Re:what i find surprising

[Anubis+IV]

what is the difference if the police ask you to unlock your phone and you refuse?

It's similar to the distinction we make in cryptography between what you know and what you have.

Generally speaking, what you know is protected by the 5th Amendment. They cannot compel you to testify against yourself. What you have is not protected by the 5th Amendment. It's material evidence that can be used against you in a court of law.

Provided they have a valid warrant, the police still need a means to execute a search that doesn't rely on compelling you to share something you know. For years, that meant they had nothing they could ask us for, since all we had were passcodes, and they couldn't compel us to turn those over (which led to the false belief that they couldn't compel us to turn over anything at all that would allow access). But the police have the right to collect material evidence, such as a fingerprint, and use it in the pursuit of their investigation. And they have a right to access the contents of the phone. If it just so happens that your device is locked by something material, that's a shame for you, but it's not testimony: it's simply evidence that can be used against you. It's no different than having a key on you that can open a safe.

And really, when you think about it, this all makes sense. If the police weren't allowed to use material evidence that you were forced to provide against your will, we'd find ourselves in a bizarre world where pretty much any material evidence collected from a defendant (e.g. DNA, fingerprint, blood, etc.) would be inadmissible. After all, who would consent to "testifying against themselves" by allowing a DNA sample or fingerprint to be collected that could place them at the scene of the crime? In fact, it'd be so far reaching that we wouldn't even be able to seat the defendant in the courtroom against their will, since the jury may recognize that the person in the security footage is the same as the person sitting at the defendant's table, or an eyewitness may be able to point at them to confirm that they are the same person. They would, effectively, be "testifying against themselves" by being forced to provide something they have—their physical appearance—that can be used against them.

Thankfully, this is a case where common sense won out in the courts, since the courts have repeatedly held that material evidence is not testimonial in nature, and thus is not protected so far as the 5th is concerned. In fact, most of those examples I just gave are ones that the Supreme Court or appellate courts have mentioned in the major cases addressing the topic of what is or isn't covered by the 5th (usual disclaimer: IANAL).

All of which is to say, the courts have made a pretty clear distinction between testimonial and material evidence. Passcodes are protected under the 5th because they're testimonial in nature, whereas biometrics are protected solely under the 4th because they are material in nature. You can use either method to lock your phone, but the 4th is a significantly weaker form of legal protection than the 5th, so which you choose to use will come down to how you balance security and convenience.

Re:what i find surprising

The knowledge of which finger unlocks my phone, and at what orientation, is arguably testimonial. One might choose to pair their Touch ID to their non-dominant ring finger held upside down, which probably wouldn't be a police officer's first guess, second, or third guess.

Of course, law enforcement would try to work around thit technicality by arguing that they aren't asking you to divulge that knowledge, but to simply unlock the phone. Also, if you live in a city, that knowledge has probably been captured by dozens if not hundreds of cameras anyway.

Re:what i find surprising

[tibit]

Touch ID is orientation-agnostic. Check it out.

Re:what i find surprising

[david_thornley]

Most people do not have an effectively unlimited number of fingers, and hence it's possible for the police to try all of them.

Re:what i find surprising

[Jonathan_S]

Most people do not have an effectively unlimited number of fingers, and hence it's possible for the police to try all of them

At least on my phone 4 failed fingerprint authentication attempts and the phone requires the passphrase to unlock.

So if you have only 1 finger enrolled and it's not a common one the police only have a 40% change of brute forcing the fingerprint authentication. (Less if you can deliberately choose some wrong fingers)

Still that's more just a hope they might not get in. (And most people probably have at least 2 fingers enrolled)

Re:what i find surprising

[Dagger2]

This is going to get really bad if/when we get the tech to meaningfully read minds.

"You have the right to remain silent, but there's no point because we'll just read what you're thinking straight out of your brain, which is a physical object that we can look at as much as we want."

I'd hope that's obviously crazy, but as you say... US legal system.

The English language

[Thor+Ablestar]

The Russian tourist asks a British cop: Sir, can I? - Cop: Yes, you can!
No, Sir, I mean, may I? No, you may not.

The cops MAY NOT force you to hand over your passcode, but they CAN.

Re:The English language

The Russian 'tourist' runs over to the British police and says "oh my goodness, a dissident oligarch has died over there in his rented house, of an entirely tragic and unpredictable heart attack!"

And the British policeman says: "no, that looks-"

And then his commanding officer says "I'm told it looks a lot like a heart attack!"

Re:The English language

The cops MAY NOT force you to hand over your passcode, but they CAN.

How?

They can punish you for not doing so, but unless I've missed some medical breakthrough, they can't actually force you to.

what I'd like to see

[AvitarX]

Simple PIN unlock (not just finger print as an easy option, something that works right out of the shower) and long password to unencrypt for booting.

I have android, but the if I want a secure phone (long boot password), my only easy unlock option is the fingerprint, which doesn't work with touch screen gloves, and doesn't work with post shower fingers.

Then, make the five button click reboot rather than disable touch.

Re:what I'd like to see

[JohnFen]

Hmm, every Android phone I've had, out of the box, has a simple passcode unlock (or pattern unlock) available if you want it.

If you're willing to root, it's pretty easy to set up the device to be encrypted and require a password in order to boot. Even without rooting, install Tasker and you can set up any special button sequence you want and make it perform pretty much any action you want, including shutting down or rebooting.

Re: what I'd like to see

[AvitarX]

Do they allow password boot and pin unlock?

Every android device post encryption I've used couldn't do that (pretty encryption it's irrelevant, I don't recall).

Re: what I'd like to see

[JohnFen]

If rooted, yes. You can make it behave however you like. I don't know about stock Android behavior on this point, though.

Re: what I'd like to see

[AvitarX]

OK, I just checked.

I can do PIN, Password, Swipe to boot, and then pair either of them with fingerprint optionally for unlocking.

I'd like to do Password to boot, then PIN, or Finger to unlock.

Finger print fails to work often enough that it's pretty useful as an only unlock method (and if my password is a long password entered rarely, it effectively is not an option for normal use).

Re: what I'd like to see

[AvitarX]

Effectively, PIN and pattern are useless for boot security as I understand it.

oblig. xkcd

https://www.xkcd.com/538/

Officer...

Officer learns about new feature of iOS 11
Officer sees you tap iphone quickly five times
Officer arrests you for terrorism offences

Power button?

Strange that Apple has decided to add yet another button to the phone. There's already five.

Re: Power button?

There's 3 and a 'button' that is just a place to put your finger.

Obstruction of justice, anyone?

Yes, doing that in the presence of a cop isn't fishy at all. I'll go and say it could even be construed as probable cause for... "something illegal".

The article could have used a different example for the situation: a mugger, and nobody would have thought about cops invading your privacy.

Re:Obstruction of justice, anyone?

[johanw]

Muggers might have even less restrictions about forcing the passcode out of you than cops.

Re:Obstruction of justice, anyone?

Yes, doing that in the presence of a cop isn't fishy at all. I'll go and say it could even be construed as probable cause for... "something illegal".

The article could have used a different example for the situation: a mugger, and nobody would have thought about cops invading your privacy.

It's called the 5th Amendment in the U.S.

And you get charged with obstruction if you resist

[schwit1]

I'm not saying it will pass legal muster. Prosecutors use the pain of the process to wear down defendants. You will be vindicated in the end but be out thousands of dollars in attorney's fees and time spent incarcerated.

Be careful with this

A lot of comments on the 5th amendment here, buy taking proactive action to prevent access to evidence would likely be seen as obstruction of justice. Basically, if it is reasonable to a judge that knew an investigation was about to happen and you do something like this, it is no different than wiping your hard drive or burning your flash paper. It would be best not to use touch id at all.

Biometric security isn't.

[theweatherelectric]

Even kids know that.

Re:And you get charged with obstruction if you res

Prosecutors use the pain of the process to wear down defendants. You will be vindicated in the end but be out thousands of dollars in attorney's fees and time spent incarcerated.

And so "justice" was served in that case. You defy the government, you will pay the price. One way or another. That's what happens in this country when you question authority.

I'm not saying it will pass legal muster.

It doesn't have to. You took an action to intentionally obstruct their investigation. You're already guilty. Worse, that act may be considered "proof" that you are trying to hide something, and as such grants them permission to search the entire device. At the very least a judge is much more likely to issue a search warrant in this case, and at worst if they have to break into the device, any evidence they may try to plant on it is much more likely to stick because of your previous attempt to defy them. ("After all, that evidence must be legit due to the defendant trying to hide it....")

It's one thing to turn the device off, or lock it with something they can't compel you cough up. It's another thing entirely when you close off their legal loophole that they made for themselves.

Android?

I have an S8 - so I'm protected by the fact that no one, even those of us that own the phone, really know where the fingerprint sensor is, and it doesn't work well even when found. Still, as an extra layer of protection, how do I rapidly disable it on this device?

Re:Android?

[green1]

hammer?

I can't believe the ridiculous placement of the fingerprint sensor on the recent Samsung phones, it's like they thought to themselves "where's the worst possible place for the fingerprint scanner? Let's put it there!"

But then again, that describes basically every single design decision from Samsung since the end of the Note 4.

Re:Android?

[green1]

how do I rapidly disable it on this device?

The easy way is to long press the power button. That will re-boot the device causing it to require the password.

Don't bother

[woboyle]

I don't even lock my phone these days. If the cops want to access your data, they will. At least, by not securing my phone, I can remote lock it down if it is stolen. With no lock, I think cops will be at a loss to access the phone. "What is your access key? Me: what access key?"

Re:Wouldn't surprise me...

(Different AC)

My thoughts exactly. The whole idea of a "secret button combo that reactivates Touch ID" falls flat on its face once you realize that it could never be used. Because once it is, everyone will know about its existence. True, not everyone would know what the secret combo is, but the knowledge that it exists will be enough to do real damage.

Excellent!

[rickb928]

There is some hope for the Fourth and Fifth Amendments!

Not that Apple actually intended this. I would not be surprised if this feature goes away. Soon.

Clicking 5 times is not a good solution

..If your'e JB'd you can set an Activator action to reboot (and therefore require a passcode no matter what) on a specific finger's print, instead of your "UNLOCK" finger prints.. This is currently available, seamless (depending on which finger you use) and would be transparent to anyone illegally attempting to gain access to your private data without your consent.

So it's an accidental feature? How doe that work?

[Brannon]

It seems perfectly in keeping with Apple's business plan--they do seem to care about customer security.

What's new?

[david_thornley]

I used an option in Settings to disable the fingerprint scanning on my phone quite some time ago. If the idea is that you set your phone up in advance, that's nothing new. If the idea is that you can quickly do it when being arrested, that's legally risky.

Re:What's new?

[green1]

Not to mention highly unreliable. You have to be able to perform the action, if the cop handcuffs you and then removes the phone from your pocket, how are you going to tap the button 5 times? And yes, cops are likely to do it in that order, they don't want to give you the opportunity to go for a weapon.

So I'm really not sure what this brings to the table. If you have access to your device to do this, you could have simply long-pressed the power button to reboot the phone and force a password instead.

Re:What's new?

[tlhIngan]

Not to mention highly unreliable. You have to be able to perform the action, if the cop handcuffs you and then removes the phone from your pocket, how are you going to tap the button 5 times? And yes, cops are likely to do it in that order, they don't want to give you the opportunity to go for a weapon.

So I'm really not sure what this brings to the table. If you have access to your device to do this, you could have simply long-pressed the power button to reboot the phone and force a password instead.

The thing is, if you see a cop, you can quickly do this action and disable the fingerprint reader. Heck, if you have your phone in the pocket, you can quickly press the power button in 1-2 seconds, so when they ask you put your hands up, you can do it then put your hands up.

Or if the phone is in your hands, it isn't a big movement and you can do it while your hands are up and before the cops remove the phone from your hands.

Try it on any phone - you can press the power button 5 times really quickly (under 1 second, 2 seconds tops). Every other action requires a complex set of hand movements you probably cannot do quickly or while you're holding your phone.

Re:What's new?

[green1]

By the time you see the cop, they often have a gun pointed at you and are telling you not to move. reaching for your phone at that time would be a very bad idea. And if you CAN press the power button rapidly 5 times, why can you not also simply long press it once? That reboots the phone causing it to also require a password.

Re:What's new?

Having seen an almost-snuff video where the guy gets out of the car (with trouble, slanted side of road) and gets shot multiple times because he was holding his papers in a hand (of course, the pig immediately approaches a stopped car behind a stopped truck with gun drawn!) :
it might be a VERY bad idea to have a big black phone in your hand while raising your hands. The US pigs will shoot you.

I don't necessarily blame the cops themselves, they're trained that way and indoctrinated. Also why hundreds thousands died in a long guerrilla war in Iraq : because of that sort of incompetent and paranoid behavior.

Not sure how long that will stand up

[ErichTheRed]

Usually, the high-profile "phone unlocking" cases you hear of lately are terrorism or drug-related. Your average iPhone owner is most likely looking to protect his contact list, evidence of dealings, etc. than planning an attack. I'd say Apple aimed this feature squarely at their core demographic -- affluent Millenials:
- Locking up your phone when high/drunk prevents people from using your fingerprint without your knowledge to get access to the phone
- If you're stopped for a minor offense (traffic stop, DWI, etc.) it could prevent the police from finding anything else to make your situation worse if they are suspicious
- Almost all non-violent interactions with the police involve traffic issues or drugs. If a cop catches you in possession of a small amount of drugs, they may or may not be more willing to just let you go if they have to go through a whole search warrant process, take you in and fill out paperwork to see what's on your phone.

What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS) and the phone instantly wiped itself by shorting out the flash memory and destroying itself. You wouldn't have your $1000 computer in your pocket anymore, but you'd have to decide if that was worth less than the evidence the police could have obtained.

I guarantee this is going to get challenged in court to sort it out. 200+ years ago, and even in the Miranda era, no one was carrying a device capable of storing every personal detail of their lives in their pocket. The best you'd ever get is a drug dealer's notebook with their contacts. Phones are interesting in that they're extensions of the people who carry them.

Re:Not sure how long that will stand up

Oops, hit the button too soon -- three short, three long, three short. :-) Although reversing it might not be a bad idea,

And one other selling point...having something like this gives Apple anti-government and pro-privacy cred among the Millenial crowd. Apple knows that with Android, Google is watching everything you do on their phones, and they charge a premium price for the "we don't spy on you" reassurance you get in IOS. Whether that's 100% true, I'm not sure...but it seems like you're paying more to not be the product.

Re:Not sure how long that will stand up

[painandgreed]

What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS) and the phone instantly wiped itself by shorting out the flash memory and destroying itself. You wouldn't have your $1000 computer in your pocket anymore, but you'd have to decide if that was worth less than the evidence the police could have obtained.

That could be possible proof that you destroyed evidence though. I think I'd rather see something like multiple passcodes combined with a way to mark files or features as "special encrypted". One pass code unlocks everything while another unlocks everything but the specially marked items. Of course, such a system would have to obfuscate that there are multiple passcodes and encrypted items while also no overwriting the protected spaces while not fully unlocked.

Re:Not sure how long that will stand up

"What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS) and the phone instantly wiped itself by shorting out the flash memory and destroying itself. You wouldn't have your $1000 computer in your pocket anymore, but you'd have to decide if that was worth less than the evidence the police could have obtained."

Yeaaaah... If you have a hardware self-destruct sequence installed on your phone and use it immediately even though Officer Friendly really did only pull you over to tell you your tail light is out, they WILL look for evidence that you're up to no good because that's a somewhat kinda suspicious thing to do. And if they find any evidence that there was anything on the phone you nuked, you'll be facing obstruction of justice charges which (by design) will generally carry a substantially worse penalty than whatever you were trying to hide evidence of.

There's only one way you'll "get away with" deleting evidence: An established, standing policy that whatever it is, evidence or not, is dumped every XX days, which policy clearly and provably predates any suspicion that the police will subpoena it as evidence. Virtually any other action against files after you even remotely suspect the cops are interested equals obstruction of justice. Furthermore, if you do destroy evidence, the prosecution is given the benefit of the doubt that it IS incriminating in court anyway, AND you don't get to naysay them, because of the presumption that if it wasn't you wouldn't have destroyed it.

I'm not a lawyer or saying it's right, but I did read a long and very detailed DefCon presentation on this subject and that's the executive summary for OOJ as it pertains to electronic data. Also worth knowing: If the cops can pretty much prove that you know incriminating thing X independent of your testimony, and the only thing the court needs is to hear X from your mouth, they can pierce the 5th amendment right to silence (having already incriminated you).

Re:Not sure how long that will stand up

[gnasher719]

What would be an even more interesting feature is if you held down a certain key sequence (three long, three short, three long sounds good...SOS)

Just saying... Three long, three short, three long is "OSO", not "SOS".

Or...just don't setup Touch ID?

Im pretty sure you don't have to.

Phones need a compromised feature

[TheOuterLinux]

They need a compromised password feature like VeraCrypt so that if you have to give a password, you can but it only shows what you want them to see. This way, you not some poor guy held up in a jail cell for not cooperating. You technically gave them access. Matter of fact, I'd argue that password protected apps don't count in the same way as unlocking your phone. There are ways to lock any app on an iPhone if jailbroken.

Australia

Anyone know what the law / application of law in Australia is like when it comes to forcing people to hand over passwords?

What about at airports?

Not just "Emergency SOS"

[John.Banister]

I thought about this, and when the phone is "cop locked" it shouldn't be totally locked down. FIngerprint should open it into "dumb phone" mode. In dumbphone mode, you should be able to make calls and send texts, but without the address book or call history; you should be able to receive calls, but only from people on the "all circumstances receive" list; you should be able to record photos, audio, and video, but not review that content. You should be able to play some fiddly little game that doesn't keep score.

Also, when someone "cop locks" their phone, the user should have the option to set it to broadcast a wifi ssid indicating that this happened, so that others nearby who have chosen for their phones to respond to that can have their phones automatically "cop locked." That way, during an incident, everyone in a group doesn't have to simultaneously whip their phones out and start punching the power button. And, of course this capability would need the corresponding ability to lock the phone down if it detects the presence of jamming that could prevent detection of the other signal.

If this is a thing, a phone should probably automatically go into a similar mode (the exception being to receive every call with only fingerprint needed to answer) after a half hour or so without active user interaction - also so you don't have to whip out your phone and lock it down when you're minding your own business in an urban environment and cops show up, mistaking you for a participant in a matter that concerns them.

Of course, once security awareness is incorporated into modes of operation, then one could go in the other direction as well. There could be three modes: dumbphone, tourist, and secure location. In tourist mode, your secure location password vault, secure location contacts, secure location messages to regular contacts, secure communication apps, secure files and secure location mode itself would all seem not to exist. That way, you could share your phone with a friend without sharing your surprise party planning messages. Everyone might know this mode has the potential to exist, but it'd still be rude to have a "secure mode" button sitting there thumbing its nose at your phone use guests.

Real spies won't need a secret mode, though. They could use apps located on nfc devices to encrypt their secrets into tourist mode pics in (relatively) plain sight.

Re:Not just "Emergency SOS"

[gnasher719]

I thought about this, and when the phone is "cop locked" it shouldn't be totally locked down.

Actually, a locked iPhone _can_ do certain things, like calling emergency services, taking photos (and deleting photos taken while locked), and some other things.

Re:Not just "Emergency SOS"

[John.Banister]

The deleting photos taken while locked doesn't sound good. Someone who physically overpowers a witness and rips the phone from hir hand shouldn't be able to delete photos. Also, if I can remember the number and dial it on a numpad, the phone should allow me to call the friend who can notify my attorney with only my fingerprint for permission, not just only call the local government's emergency services.

Re:And you get charged with obstruction if you res

[gnasher719]

I'm not saying it will pass legal muster. Prosecutors use the pain of the process to wear down defendants. You will be vindicated in the end but be out thousands of dollars in attorney's fees and time spent incarcerated.

You don't get it. When a cop arrests you, he can take a look at your personal possessions. Mostly to make sure you don't carry knifes, guns, spray cans, anything dangerous. Looking at your personal possessions includes your unlocked phone. And it includes putting your finger on the finger print scanner of your locked phone. That's prevented. And in that situation, you cannot be forced to reveal a passcode or use it to unlock your phone.

What you are talking about is cops with warrants, or being in court. That's a totally different situation. Disabling TouchID doesn't help. "Forgetting" the passcode doesn't help, only get's you into trouble. The only thing that helps is having no evidence against you on the phone.

For the uber-paranoid

[Rick+Zeman]

They should offer a 2 factor option of PIN and fingerprint.

Just turn it off...

Why not just turn your phone off? Passcode is required after a reboot...