Biometric app downloads set to soar in next four years, study shows

A little glue goes a long way in fooling a fingerprint scanner.
Screenshot by Lance Whitney/CNET

Mobile applications that rely on biometrics — everything from fingerprint scanning to facial recognition — are set to take off in the next four years, according to new data released Tuesday from Juniper Research.

The research firm predicts that in 2015 mobile users worldwide will download 6 million apps equipped with support for biometrics and that figure will soar to more than 770 million per year by 2019. Juniper says that fingerprint scanners, like those bundled in Samsung and Apple handsets, will be relied on in most apps, but other techniques, such as ear print and voice authentication, will also become more popular.

Biometrics has become the next frontier in securing mobile devices and apps. With hardware increasingly featuring biometric support, like Apple’s iPhone 5S, 6 and 6 Plus — which all come with the company’s TouchID fingerprint scanner — app makers are finding that adding biometric security to their programs is a viable step.

The use of biometrics is perhaps bad news for traditional authentication techniques, like passwords. A wide range of apps now allow for customers to input either their alphanumeric password or scan their fingerprints, if not both. The idea is that biometrics is safer because a third party would have a far more difficult time hacking apps without physically having the person with the identifying fingerprint and hardware in the same room.

That said, some research has shown that biometrics might not be as safe as conventional wisdom suggests. Since Apple launched the iPhone 5S in 2013, fake fingerprints have been used to fool the company’s TouchID sensor. This past September, Lookout Mobile Security found that while Apple improved the security of its fingerprint sensor, the company was able to lift fingerprints from the device’s owner, using gummy substances like Elmer’s glue that coat the subject’s fingers and graft fingerprints on the glue. From there, the hacker needs to press the fingerprint onto the sensor and the phone opens.

While Lookout acknowledged that its technique is sophisticated and is unlikely to cause issues for most users, hackers from the Chaos Computer Club in 2013 lifted a user’s fingerprint from a glossy surface by dusting it with graphite and photographing it at a 2,400-pixel-per-inch resolution. Those fingerprints were then pasted onto film and placed on the iPhone’s home button to open it.

“Fingerprints should not be used to secure anything,” the hackers said at the time. “You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.”

Apple’s technology is not the only one with vulnerabilities. Samsung’s Galaxy S5’s fingerprint scanner was easily hacked by Security Research Labs last year using what it called the “wood glue spoof.” The report prompted US Sen. Al Franken (D-Minn.) to write a letter to Samsung saying he’s worried that the device isn’t secure enough.

Lookout Mobile Security chief security researcher Marc Rogers told CNET in September that he doesn’t “think people need to worry just yet” about biometric security, but he did believe that some “distinct flaws” in the technology “could lead to problems down the line.”

Regardless, if Juniper’s data is true, biometric support in apps will come fast and furious, and hardware users will be downloading them at a fast clip. It’s also possible that the feature could be used in other ways, Juniper says.

“As consumers seek to reduce the likelihood of their social media profiles being hacked, service providers, such as Facebook, may turn to facial scanning to add value through increased authentication security,” the company said.

Neither Apple nor Samsung immediately responded to a request for comment.

Check Also

8 New Google Products We Expect to See This Year

Google’s device line could end up having a particularly important moment in 2023. The company usually announces new Pixel products throughout the year. Google is expected to release its first foldable phone this year, however, which would directly compete with Samsung’s proven line of Galaxy Z Fold devices. Google also introduced its own ChatGPT rival, …

Leave a Reply