Ok so let me get this straight. Uber is willing to stop doing business until I talk with my elected representatives? I think you are dreaming.
Why in the world would they do that? They'll continue operating until it's demonstrated that they're violating existing laws or new ones are passed to shut them down. That's as it should be. The presumption is that you can do whatever you like unless it's specifically restricted. Would you really want to live in a world where it's necessary to ask permission for anything you want to do?
Fine, but it's still gaming the system. No different than a person who realizes they can live off welfare all their lives.
If the system is set up to allow that, that's what the system allows. If that's not what we want, then we should fix the system.
Also they are breaking the law in most juristictions.
So you say. The officials charged with reading and enforcing the laws don't agree. If you can identify the specific letter of the law being broken, you should take it to your elected officials and get them to pressure the relevant agencies to enforce the law. But I would be very surprised if you could do that, because if they were actually breaking the law that would already have happened. There's been enough time for everyone to catch up.
Also, then you have to accept other areas where people have found to skirt the laws.. such as murder for hire on Silk Road. Perhaps we should stop hunting for these people and just see what life becomes like if we just let the markets work without regulation.
What are you on about? Conspiracy to commit murder is illegal. That's not an edge case at all.
But if nits like you get their way, it won't be long before you get turned down for a job for any number of reasons: outstanding parking ticket? No job for you.
If I got my way, we'd just open the borders. I'm not saying that we should stop immigration of workers, just that if we wanted to, there's a really easy way to do it.
"Fixing" this problem means creating a sure-fire way to prevent illegal immigrants from working in the country, so nothing is done about it. One party doesn't want to fix it because they want to make these people citizens so they'll vote for that party. An influential fraction of the other party doesn't want to fix it because they want these people to remain as a source of cheap labor.
Semi-OT, but I just want to throw out my favorite low-cost, low-effort fix for getting nearly all illegal immigrants out of the country.There are two steps:
1. Make it a criminal offense to hire a worker not vetted as legally able to work by the E-Verify system, and beef up the E-Verify system so it validates with roughly the same level of assurance as the US Passport issuance system. By "criminal offense" I mean "non-trivial mandatory jail time for the most senior company officer who approved/ordered the hire".
2. Offer permanent resident alien status (green card) to any undocumented worker who turns in his employer. The alien gets the green card whether or not E-Verify supports his right to work, to reduce the risk to the alien of coming forward. Phase this step in a year or two after the first, but make sure everyone knows it's coming.
I doubt the program would actually give out many green cards for shady employers. It would probably give a few out for bugs in the E-Verify system.
However, you're right that this won't happen because neither party really wants illegal immigration ended. My specific plan would also generate lots of objections among conservatives aghast at the idea of giving green cards to some "undeserving" people, even though the numbers would be small and the approach would be dramatically cheaper (theoretically appealing to conservatives) than other alternatives.
Except when you have years gaming online that counts as research, if someone has played multiplayer games for years, that would be the equivalent of research fron a statistical standpoint (aka enough datapoints to draw a valid conclusion).
Not unless you actually collect and collate the data and do the statistics. Otherwise, people are extremely prone to various biases in their perceptions, chief among them confirmation bias, where you unwittingly overvalue data points that support your belief and undervalue those that don't. To reach trustworthy, bias-free conclusions you must use a trustworthy, bias-free (as far as you can make it) process.
But by allowing Uber to exist and perhaps using Uber, you have already been allowed to make your vote. How long do you think I will have to wait to make mine?
As long as you're alive and able to communicate with your elected representatives.
To be fair, you didn't even grant us the dignity of waiting for a vote to be called. You just went ahead and tread on our world.
As far as I can tell, Uber isn't actually breaking laws, not unequivocally. That's why they're still operating, in the space that is also operated by contract limousines and livery companies, which have never followed the taxi laws, because they're not taxis. Where Uber is clearly not allowed by the law, they've been shut down.
One good example is Las Vegas. Vegas determined that they were not complying with the laws and shut them down until the appropriate agency made a new set of regulations for them, with public input. Another is London, where they're operating under the "minicab" laws, which have offered a more cost-effective alternative to the traditional black cabs for decades. Another is Brussels, where they're operating as a car service for a private association (which you join by requesting a car). Those happen to be the cities I've visited recently, where I didn't just rent a car, so I used Uber. And in other cities they're simply not operating because the laws will have to be changed to allow it.
Your complaint strikes me as very similar to that of people who criticize corporations for "cheating" on their income taxes by using loopholes to legally avoid taxes. They're obeying the law. If you're not happy with what the law says, then work to change it. Don't criticize people for reading it carefully and following it in the manner most advantageous to them. Or, at least, don't try to claim they're breaking the law when they're not.
and the user would still have to launch the app after installing it
I should say "and the user would still have to launch the app after it's installed, unless the attacker can find and exploit a bug in the code that unpacks and compiles the APK".
Yea you are right, that sounds like a plausible way to do it.
A notification will still show up, but the app will probably have time to launch it's malicious payload using a broadcast receiver or such before the user has a chance to do anything about it.
/greger
Well, it would require getting a malicious app into Play, and the user would still have to launch the app after installing it. Getting a malicious app into Play used to be easy but now they're scanned before publishing, and the scanner is pretty good these days.
There is still a problem with your argument, and here is why it is unfair to compare them to buggy whip makers. The regulations are there because unregulated, things didn't work.
Of course, because without some mechanism for being able to determine the trustworthiness of driver, regulation is required. Networked mobile devices provide an alternative reputation system.
Taxis in my area have to have safety shields and emergency lights... in fact one Uber driver just got attacked; face slammed into the drivers side window and a shield would have helped him
Safety shields are one option. Another is the more normal societal mechanism for discouraging that sort of thing... prosecuting the violent criminals. This is particularly easy with Uber/Lyft, since the company has the rider's contact information on file. Drivers also have the option of making use of technology to install cameras in their vehicles. Or they can install safety shields, sure. Why must the law decide how they protect themselves?
I agree with these laws
That's fine, and if a majority of citizens agree with you, that's how it will be. I'll vote otherwise, and we'll all see how it shakes out.
So is it OK if I drop by and hand you my Galaxy S6, and start a timer to see how long it takes you to break in? I'd guess 8-10 hours of solid work for you, someone who appears knowledgeable in this area. That qualifies at least as "very difficult" to me, though perhaps I overstated it with "extraordinarily difficult".
How much money is in your bank account? Most likely it's well worth that level of effort... and it wouldn't take that long. Probably half that. Even if it did, 8-10 hours is far from enough time for me to consider my phone secure. I want the break-in time to be measured in months, not hours or even days.
The problem is... on one hand you have people who want to make 'a few bucks' doing this. Should they be able to? It's beyond debate that allowing this to happen will harm the livelihoods of a million cab drivers who were told by the government that it was save to sink life savings into it because they were protected by a set of regulations.
Buggy-whip makers.
I note your point about how this is different because government regulation was involved, but I really don't see it. Many industries are erased or restructured by technological progress, and whether or not the change is related to government regulation doesn't make any difference. Also, I think your claim that people were "told by the government that it was safe" is simply false. Government never said any such thing. Government merely said that taxis must have medallions and people made assumptions about the future. Past performance is no indication of future returns and all that, in any business.
I just it is a shit deal for all of them, to convert their entire industry into a 'for a few bucks' industry.
Oh, it's worse than that, because before long their industry is going away completely, not just transitioning to part-timers. The part-timer transition may actually delay the complete disappearance of the jobs.
Frankly, I'm a lot more worried about truckers than cabbies. There are a lot more of them, and many of them live in areas with fewer local opportunities. Self-driving systems will erase the long-haul truck driving industry before they eliminate cabs.
But the solution isn't to continue applying regulations to prop up industries that no longer make sense, it's to help the people in those industries transition. I suspect that we're heading into a period of such rapid transition that we're going to have to think very seriously about some sort of basic living stipend to avoid mass poverty, plus extensive educational assistance. On the plus side, the same rapid transition will dramatically reduce production and transportation costs, which should help us fund the transitional support.
Well we shall see how it all pans out. There is a person in Canada who is trying to sue Uber because they got into an accident with their minivan and it was a total write-off and the insurance company wouldn't pay for it due to commercial use. As more of these happen it is hard to see how 'a few dollars' here and there is going to cover it.
I agree that Uber should provide better insurance, which would solve that problem. They currently provide liability coverage, but they need to provide collision coverage, and medical coverage in countries that don't have socialized medicine (a Canadian shouldn't have an issue there, right?). It would be fine for them to charge drivers for this coverage, or allow drivers to find their own. They should also probably offer short- and long-term disability coverage. Those are typically very cheap.
They're not trying to force all jobs into one mould. They're just trying to keep them safe and fair for the employee.
... by forcing all jobs into one mold. If there's a problem with lack of insurance, then that problem should be addressed head-on, not by trying to force them to treat their contractors as employees, or to follow other taxi-oriented regulations that aren't relevant under a ride-call model.
Engineers however, are arrogant as fuck, and want to be at the top of the food chain, so a couple of them will willingly fuck over their work life balance. Then they'll get promoted for it (which is a problem with the company...but its hard to say no to someone who delivered twice as much for the same pay, even if he/she screwed over their life over it).
I suppose I resemble that remark, probably including the arrogance, though I don't care about being at the top of the food chain. I just like what I do, and really feel it's important and makes the world a better place, so I sometimes work extra hours to get stuff done. On the other hand, I sometimes work a bit less, and I usually feel no compunction about dropping what I'm doing for a while for family-related activities, or to go out for a hike in the summer or skiing in the winter.
I'm posting mainly to make the point that work/life balance isn't some fixed thing that is demarcated by a specific number of hours per week. It's not the case that if you work one minute more than 40 hours in a week you've "screwed" your life. It's about your total quality of life. If you enjoy what you do for work, a few extra hours may be personally rewarding, completely unrelated to what your company or peers want from you. On the other hand, everyone needs time away, and family time will likely have a greater impact on your short- and long-term happiness.
If your company has a "first to leave is a slacker" culture, don't expect me to show up before noon.
Don't expect me to show up at all.
I've had a few interviews over the years with companies who felt that such a "work ethic" was important. I declined their offers. Were I to accidentally allow myself to be hired by one such, I'd be around just enough to avoid getting fired until I had found another job.
Of course, these days I refuse to consider any position that doesn't allow full-time telecommuting and that pretty much eliminates any concern about face time-based evaluation of my "slacking".
On the other hand, making them treat all drivers as full-time employees will exclude the people who really want to do part-time, own-schedule work. I've gotten a couple of Uber rides from stay-at-home moms who are just making a few extra bucks while the kiddos are in school. They like that they can work when they have time, and simply not bother to log in on days they have stuff to get done.
Trying to force all jobs into one mold screws those who don't want a job that fits the mold.
For the kind of cars i drive, $500 would buy me a replacement car every month.
And Uber wouldn't allow you to use that kind of car to transport its customers. Of course, I imagine you have no desire to transport Uber's customers anyway, so it works out, but it means your car-buying habits aren't relevant to the conversation.
You can do it with the Android multiple user feature. Android lets you have more than one user on a device, each with their own fingerprints. Just set one dummy user up with a Tasker script that wipes the phone (needs root) and register a finger for it.
Interesting. When you unlock the device you have to first specify which user, so the process would be "swipe down, tap dummy user, then authenticate with finger". But that's pretty close to having a duress finger.
I think we'd probably agree that almost all phone security is about discouraging trivial access
We wouldn't agree on that, actually. My goal over the next couple of Android releases is to make password-based security very strong. Even a four-digit PIN can provide very strong security if brute force countermeasures are good and the password storage and comparison is done properly, in secure hardware.
But unless/until we get really good liveness detection, biometrics are strictly weaker. That doesn't make them useless, but we need to understand the limits.
That list of steps is complicated enough that it probably requires a dedicated location (nobody is going to be able to do it while still on the subway), which gives me time to recognize my phone is gone and remotely kill it.
True, up to the "remotely kill it" part. The attacker's first step after getting your phone is to turn on airplane mode.
You still didn't read my post. It's really not relevant, and wouldn't be relevant even if it were possible. Rotation matters for secrets. Fingerprints are not secrets.
It gets even better than this with iOS 9. iOS 9 paired with any iPhone in the last couple years can generate a public/private key pair where the private key is stored in the Secure Enclave.
Android devices with hardware-backed keystore provide something similar. Starting with Marshmallow you can bind a hardware-backed key to either password or fingerprint, so it can only be used with user authentication. I'm the lead engineer for that stuff on the Android team, so I can answer any questions you may have about it.
Ok so let me get this straight. Uber is willing to stop doing business until I talk with my elected representatives? I think you are dreaming.
Why in the world would they do that? They'll continue operating until it's demonstrated that they're violating existing laws or new ones are passed to shut them down. That's as it should be. The presumption is that you can do whatever you like unless it's specifically restricted. Would you really want to live in a world where it's necessary to ask permission for anything you want to do?
Fine, but it's still gaming the system. No different than a person who realizes they can live off welfare all their lives.
If the system is set up to allow that, that's what the system allows. If that's not what we want, then we should fix the system.
Also they are breaking the law in most juristictions.
So you say. The officials charged with reading and enforcing the laws don't agree. If you can identify the specific letter of the law being broken, you should take it to your elected officials and get them to pressure the relevant agencies to enforce the law. But I would be very surprised if you could do that, because if they were actually breaking the law that would already have happened. There's been enough time for everyone to catch up.
Also, then you have to accept other areas where people have found to skirt the laws.. such as murder for hire on Silk Road. Perhaps we should stop hunting for these people and just see what life becomes like if we just let the markets work without regulation.
What are you on about? Conspiracy to commit murder is illegal. That's not an edge case at all.
But if nits like you get their way, it won't be long before you get turned down for a job for any number of reasons: outstanding parking ticket? No job for you.
If I got my way, we'd just open the borders. I'm not saying that we should stop immigration of workers, just that if we wanted to, there's a really easy way to do it.
"Fixing" this problem means creating a sure-fire way to prevent illegal immigrants from working in the country, so nothing is done about it. One party doesn't want to fix it because they want to make these people citizens so they'll vote for that party. An influential fraction of the other party doesn't want to fix it because they want these people to remain as a source of cheap labor.
Semi-OT, but I just want to throw out my favorite low-cost, low-effort fix for getting nearly all illegal immigrants out of the country.There are two steps:
1. Make it a criminal offense to hire a worker not vetted as legally able to work by the E-Verify system, and beef up the E-Verify system so it validates with roughly the same level of assurance as the US Passport issuance system. By "criminal offense" I mean "non-trivial mandatory jail time for the most senior company officer who approved/ordered the hire".
2. Offer permanent resident alien status (green card) to any undocumented worker who turns in his employer. The alien gets the green card whether or not E-Verify supports his right to work, to reduce the risk to the alien of coming forward. Phase this step in a year or two after the first, but make sure everyone knows it's coming.
I doubt the program would actually give out many green cards for shady employers. It would probably give a few out for bugs in the E-Verify system.
However, you're right that this won't happen because neither party really wants illegal immigration ended. My specific plan would also generate lots of objections among conservatives aghast at the idea of giving green cards to some "undeserving" people, even though the numbers would be small and the approach would be dramatically cheaper (theoretically appealing to conservatives) than other alternatives.
Except when you have years gaming online that counts as research, if someone has played multiplayer games for years, that would be the equivalent of research fron a statistical standpoint (aka enough datapoints to draw a valid conclusion).
Not unless you actually collect and collate the data and do the statistics. Otherwise, people are extremely prone to various biases in their perceptions, chief among them confirmation bias, where you unwittingly overvalue data points that support your belief and undervalue those that don't. To reach trustworthy, bias-free conclusions you must use a trustworthy, bias-free (as far as you can make it) process.
But by allowing Uber to exist and perhaps using Uber, you have already been allowed to make your vote. How long do you think I will have to wait to make mine?
As long as you're alive and able to communicate with your elected representatives.
To be fair, you didn't even grant us the dignity of waiting for a vote to be called. You just went ahead and tread on our world.
As far as I can tell, Uber isn't actually breaking laws, not unequivocally. That's why they're still operating, in the space that is also operated by contract limousines and livery companies, which have never followed the taxi laws, because they're not taxis. Where Uber is clearly not allowed by the law, they've been shut down.
One good example is Las Vegas. Vegas determined that they were not complying with the laws and shut them down until the appropriate agency made a new set of regulations for them, with public input. Another is London, where they're operating under the "minicab" laws, which have offered a more cost-effective alternative to the traditional black cabs for decades. Another is Brussels, where they're operating as a car service for a private association (which you join by requesting a car). Those happen to be the cities I've visited recently, where I didn't just rent a car, so I used Uber. And in other cities they're simply not operating because the laws will have to be changed to allow it.
Your complaint strikes me as very similar to that of people who criticize corporations for "cheating" on their income taxes by using loopholes to legally avoid taxes. They're obeying the law. If you're not happy with what the law says, then work to change it. Don't criticize people for reading it carefully and following it in the manner most advantageous to them. Or, at least, don't try to claim they're breaking the law when they're not.
and the user would still have to launch the app after installing it
I should say "and the user would still have to launch the app after it's installed, unless the attacker can find and exploit a bug in the code that unpacks and compiles the APK".
Yea you are right, that sounds like a plausible way to do it.
A notification will still show up, but the app will probably have time to launch it's malicious payload using a broadcast receiver or such before the user has a chance to do anything about it.
/greger
Well, it would require getting a malicious app into Play, and the user would still have to launch the app after installing it. Getting a malicious app into Play used to be easy but now they're scanned before publishing, and the scanner is pretty good these days.
There is still a problem with your argument, and here is why it is unfair to compare them to buggy whip makers. The regulations are there because unregulated, things didn't work.
Of course, because without some mechanism for being able to determine the trustworthiness of driver, regulation is required. Networked mobile devices provide an alternative reputation system.
Taxis in my area have to have safety shields and emergency lights... in fact one Uber driver just got attacked; face slammed into the drivers side window and a shield would have helped him
Safety shields are one option. Another is the more normal societal mechanism for discouraging that sort of thing... prosecuting the violent criminals. This is particularly easy with Uber/Lyft, since the company has the rider's contact information on file. Drivers also have the option of making use of technology to install cameras in their vehicles. Or they can install safety shields, sure. Why must the law decide how they protect themselves?
I agree with these laws
That's fine, and if a majority of citizens agree with you, that's how it will be. I'll vote otherwise, and we'll all see how it shakes out.
So is it OK if I drop by and hand you my Galaxy S6, and start a timer to see how long it takes you to break in? I'd guess 8-10 hours of solid work for you, someone who appears knowledgeable in this area. That qualifies at least as "very difficult" to me, though perhaps I overstated it with "extraordinarily difficult".
How much money is in your bank account? Most likely it's well worth that level of effort... and it wouldn't take that long. Probably half that. Even if it did, 8-10 hours is far from enough time for me to consider my phone secure. I want the break-in time to be measured in months, not hours or even days.
You seem quite knowledgeable
I would hope so, it's my job :-)
The problem is... on one hand you have people who want to make 'a few bucks' doing this. Should they be able to? It's beyond debate that allowing this to happen will harm the livelihoods of a million cab drivers who were told by the government that it was save to sink life savings into it because they were protected by a set of regulations.
Buggy-whip makers.
I note your point about how this is different because government regulation was involved, but I really don't see it. Many industries are erased or restructured by technological progress, and whether or not the change is related to government regulation doesn't make any difference. Also, I think your claim that people were "told by the government that it was safe" is simply false. Government never said any such thing. Government merely said that taxis must have medallions and people made assumptions about the future. Past performance is no indication of future returns and all that, in any business.
I just it is a shit deal for all of them, to convert their entire industry into a 'for a few bucks' industry.
Oh, it's worse than that, because before long their industry is going away completely, not just transitioning to part-timers. The part-timer transition may actually delay the complete disappearance of the jobs.
Frankly, I'm a lot more worried about truckers than cabbies. There are a lot more of them, and many of them live in areas with fewer local opportunities. Self-driving systems will erase the long-haul truck driving industry before they eliminate cabs.
But the solution isn't to continue applying regulations to prop up industries that no longer make sense, it's to help the people in those industries transition. I suspect that we're heading into a period of such rapid transition that we're going to have to think very seriously about some sort of basic living stipend to avoid mass poverty, plus extensive educational assistance. On the plus side, the same rapid transition will dramatically reduce production and transportation costs, which should help us fund the transitional support.
You can work part time as a taxi driver too, you know. There is nothing new in what Uber offers.
Yeah, you just try calling up a cab company and telling them you want to work random hours, or not, on a whim and without any pre-scheduling.
Well we shall see how it all pans out. There is a person in Canada who is trying to sue Uber because they got into an accident with their minivan and it was a total write-off and the insurance company wouldn't pay for it due to commercial use. As more of these happen it is hard to see how 'a few dollars' here and there is going to cover it.
I agree that Uber should provide better insurance, which would solve that problem. They currently provide liability coverage, but they need to provide collision coverage, and medical coverage in countries that don't have socialized medicine (a Canadian shouldn't have an issue there, right?). It would be fine for them to charge drivers for this coverage, or allow drivers to find their own. They should also probably offer short- and long-term disability coverage. Those are typically very cheap.
They're not trying to force all jobs into one mould. They're just trying to keep them safe and fair for the employee.
... by forcing all jobs into one mold. If there's a problem with lack of insurance, then that problem should be addressed head-on, not by trying to force them to treat their contractors as employees, or to follow other taxi-oriented regulations that aren't relevant under a ride-call model.
Engineers however, are arrogant as fuck, and want to be at the top of the food chain, so a couple of them will willingly fuck over their work life balance. Then they'll get promoted for it (which is a problem with the company...but its hard to say no to someone who delivered twice as much for the same pay, even if he/she screwed over their life over it).
I suppose I resemble that remark, probably including the arrogance, though I don't care about being at the top of the food chain. I just like what I do, and really feel it's important and makes the world a better place, so I sometimes work extra hours to get stuff done. On the other hand, I sometimes work a bit less, and I usually feel no compunction about dropping what I'm doing for a while for family-related activities, or to go out for a hike in the summer or skiing in the winter.
I'm posting mainly to make the point that work/life balance isn't some fixed thing that is demarcated by a specific number of hours per week. It's not the case that if you work one minute more than 40 hours in a week you've "screwed" your life. It's about your total quality of life. If you enjoy what you do for work, a few extra hours may be personally rewarding, completely unrelated to what your company or peers want from you. On the other hand, everyone needs time away, and family time will likely have a greater impact on your short- and long-term happiness.
Balance is a dynamic thing.
If your company has a "first to leave is a slacker" culture, don't expect me to show up before noon.
Don't expect me to show up at all.
I've had a few interviews over the years with companies who felt that such a "work ethic" was important. I declined their offers. Were I to accidentally allow myself to be hired by one such, I'd be around just enough to avoid getting fired until I had found another job.
Of course, these days I refuse to consider any position that doesn't allow full-time telecommuting and that pretty much eliminates any concern about face time-based evaluation of my "slacking".
On the other hand, making them treat all drivers as full-time employees will exclude the people who really want to do part-time, own-schedule work. I've gotten a couple of Uber rides from stay-at-home moms who are just making a few extra bucks while the kiddos are in school. They like that they can work when they have time, and simply not bother to log in on days they have stuff to get done.
Trying to force all jobs into one mold screws those who don't want a job that fits the mold.
Taxi hailing platform Uber. . .
So Uber is admitting it's a taxi service
Actually it was "An anoymous reader" who called it a taxi service.
For the kind of cars i drive, $500 would buy me a replacement car every month.
And Uber wouldn't allow you to use that kind of car to transport its customers. Of course, I imagine you have no desire to transport Uber's customers anyway, so it works out, but it means your car-buying habits aren't relevant to the conversation.
You can do it with the Android multiple user feature. Android lets you have more than one user on a device, each with their own fingerprints. Just set one dummy user up with a Tasker script that wipes the phone (needs root) and register a finger for it.
Interesting. When you unlock the device you have to first specify which user, so the process would be "swipe down, tap dummy user, then authenticate with finger". But that's pretty close to having a duress finger.
I think we'd probably agree that almost all phone security is about discouraging trivial access
We wouldn't agree on that, actually. My goal over the next couple of Android releases is to make password-based security very strong. Even a four-digit PIN can provide very strong security if brute force countermeasures are good and the password storage and comparison is done properly, in secure hardware.
But unless/until we get really good liveness detection, biometrics are strictly weaker. That doesn't make them useless, but we need to understand the limits.
That list of steps is complicated enough that it probably requires a dedicated location (nobody is going to be able to do it while still on the subway), which gives me time to recognize my phone is gone and remotely kill it.
True, up to the "remotely kill it" part. The attacker's first step after getting your phone is to turn on airplane mode.
Haha, sure dude. Whatever.
Yeah, math is hard. Let's go shopping.
You still didn't read my post. It's really not relevant, and wouldn't be relevant even if it were possible. Rotation matters for secrets. Fingerprints are not secrets.
It gets even better than this with iOS 9. iOS 9 paired with any iPhone in the last couple years can generate a public/private key pair where the private key is stored in the Secure Enclave.
Android devices with hardware-backed keystore provide something similar. Starting with Marshmallow you can bind a hardware-backed key to either password or fingerprint, so it can only be used with user authentication. I'm the lead engineer for that stuff on the Android team, so I can answer any questions you may have about it.