Here’s why you can’t use Touch ID to unlock your iPhone after rebooting


Touch ID has been one of my favorite features of the iPhone ever since it was introduced last year. Unlike the fingerprint scanners I had used on laptops, which were frustrating, Touch ID just works.

However, there is one minor annoyance. Every time you reboot the device, you can’t use Touch ID; you need to enter the passcode to unlock the device for the first time before you can start using Touch ID.

For a feature that works so well, it seems quite lame to have to fall back on the passcode. I must admit I didn’t try to find out the reason for this limitation. Thankfully, a user with the handle Xenon808 was inquisitive enough to ask the question on reddit: “Why do you have to type in your PIN after rebooting your phone or after a certain amount of time. Aren’t fingerprints more secure?”

As reddit user biscuitswithoutgravy points out, the answer to the question can be found in a knowledge base article on Apple’s website, which provides information about how the advanced security architecture called the Secure Enclave within the A7 and A8 chips works.

Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.

It looks like the Secure Enclave is locked with the passcode and needs to be unlocked after a reboot, which is why we need to enter the passcode the first time after rebooting before we can start using Touch ID.

[Apple via reddit, Hat tip: BGR]