Apple’s clever strategy for forcing partners to use Face ID

Credit to Author: Evan Schuman| Date: Mon, 18 Sep 2017 03:00:00 -0700

When Apple announced the iPhone X last week, the most sophisticated (and widely predicted) feature revealed was the facial recognition approach, called Face ID. But by choosing to go all or nothing with the iPhone X — it’s only Face ID, with no support for Touch ID — the big risk for Apple was that all the companies that support Touch ID in their apps wouldn’t quickly make the move to Face ID. So Apple made the decision for them.

As the recent healthcare debate in the U.S. demonstrated, it’s extremely hard to take back something people have grown to like. Apple’s choice of biometric authentication faced the same problem. If Amazon, Chase, Fidelity or any of the other major companies whose apps use Touch ID as a way to log in without a password failed to move to Face ID, their customers would have been forced to go back to typing in long passwords. Apple, ever mindful of customer experience, chose to not permit that to happen. To make sure companies use Face ID in their apps, Apple simply didn’t give them any practical choice.

“They have released the dev kit to the world, and it works exactly like Touch ID, from a development point of view,” said Michael Fey, lead iOS developer for 1Password. The API for Touch ID “is the exact same API for how Face ID works.”

Steve Schult, senior director of product at LastPass, agreed.

“Face ID will work right out of the box,” he said. “If we did nothing, the user will be able to use Face ID on our app.”

Some product managers Computerworld reached out to about the Touch ID-to-Face ID transition didn’t initially realize that the biometric transition was made effortless. Literally, if a company already had Touch ID integrated and it did absolutely nothing, Face ID would simply work.

As a practical matter, it’s unlikely any developer would do that. There are a variety of cosmetic changes that companies would want to make, such as changing the word “Touch” to “Face” or perhaps changing a finger icon to a face icon. It’s also not apparent how easy the Touch-to-Face changes are because just about all developers are dealing with various other changes for migrating to the new Apple mobile OS (iOS 11) and for dealing with the new phone, iPhone X, and its unusual design cutout at the top of its screen.

By the way, if Apple wants people to say “iPhone 10,” why didn’t it simply name it “iPhone 10” or “iPhone Ten” instead of iPhone X? “Apple: Think annoyingly.”

Unless a company feels like creating its own authentication system — and why would it when it can simply use Apple’s and focus on its own app capabilities? — or wants to reacquaint its customers with the joys of keying in a password, it is likely to opt for Face ID anyway. Apple has simply spared it the effort.

Not that some companies haven’t tried to pretend that the move to Face ID was something other than a fait accompli.

Asked about whether Bank of America will support Face ID on its app on iPhone X, Michelle Moore, head of digital banking at BoA (which already uses Touch ID on its iOS app), said: “We are always testing new forms of authentication for the safety and security of our customers and the bank.”

Asked the same question, Paul Hartwick, a spokesman for Chase, which also uses Touch ID on its iOS app, said on Wednesday, “At this point, we do not have any plans to announce. Like everyone else, we learned the news yesterday.”

Other companies that are using Touch ID on their iOS app — including Fidelity Investments, Dropbox, PayPal, Amazon, Natwest, Royal Bank of Scotland, Evernote, eHarmony and Starbucks — did not respond to an emailed invite to discuss this issue. (Note: HSBC did respond and said it wanted to discuss the matter, but it never replied when we replied.) Apple also didn’t reply to repeated requests for comment, sent to multiple Apple spokespeople.

Apple’s strategy here, though, is impressively sound. Once it decided to support only one biometric approach for iPhone X, it had little choice but to do everything it could to make support a no-brainer. Indeed, from an ROI perspective, it is essentially guaranteeing that every partner initially support Face ID.

But that business ROI equation would change if consumers started rebelling against Face ID, for example, if it simply proves to not work very well when widely distributed.

A glitch at the Apple rollout of Face ID made the authentication mechanism appear to not work on stage. Apple later tried to recover, arguing that someone backstage had tried to use the phone a few times to tweak how it was set up. Because the presenter had earlier set the phone up to authenticate only his face, the result was a confused iPhone X, which noted three incorrect attempts and locked the presenter out. That is why, Apple argued, the presenter needed to type in his PIN during the presentation.

Whether or not that defense is true, Face ID is going to get a far more realistic test after it starts mass shipping in November. If Face ID proves to have real problems in the field — problems Apple can’t quickly fix with a software patch — then partners would have justification in exploring authentication alternatives. Still, asking the likes of Chase or Amazon to create their own biometric approach is asking quite a lot.

If that happens, Apple will be in a world of hurt, since its high-priced iPhone X units have no hardware means of going back to Touch ID. This would be far more painful than the dreadful problems early in the Apple Maps rollout, since users then could simply switch to Google Maps. (By the by, if you want a Face ID chuckle, Conan O’Brien’s show did a wonderful short segment on the rollout.)

On a related iPhone X note, expect to see a collision between two of the X attributes that Apple stressed the most: the new wireless charging capabilities and the new phone being all glass. The phone’s higher percentage of glass is going to make having a high-end phone case even more critical. But customer service representatives for the largest maker of iPhone protection cases, Otterbox, are telling customers that some of its most protective cases will significantly slow down wireless charging times. (Obviously, the case doesn’t impact plugged-in charging times.)

If these charges are going to require removing and then reinstalling the case every time, a simple power cord is going to look a lot more attractive.

http://www.computerworld.com/category/security/index.rss