What makes you think they don’t send passwords to Apple itself?
Apple (claims) to not save Face ID, that the scans/info is just saved on the device, and that the device only sends an encrypted “confirmation” to Apple. Basically for Face ID the device sends a message saying “we checked the face and it’s good” instead of sending the face itself.
But passwords can 100% get saved by Apple.
Biometric authentication data is stored on the device in the secure enclave. It’s only used on the device. It does not need to be sent anywhere.
Your Apple password is sent to Apple, but it is not stored in plaintext. It’s encrypted in transit and hashed at rest so no one can read your actual password.
Just for Face/Touch ID: There’s a chip in the device called the “Secure Enclave” designed specifically to store these biometrics. Essentially, your phone reads your face/fingerprint, then passes the data to the Secure Enclave. The Secure Enclave then responds with “yes, passed the test!” or “no, this is a different person.” That answer determines whether or not you’re allowed to log in/view sensitive data/perform other protected actions.
First, there’s a part of the chip on the iPhone that’s walled off from the rest of the phone. It has its own little operating system and a little bit of storage, and it’s called the Secure Enclave. The rest of the phone can only send requests to the SE, like encrypt this, decrypt this, give me the keys for that, etc.
So when you put in a PIN for the first time, the OS tells the SE “Register this as the new PIN.” The SE then stores an encrypted key derived from the PIN. Then when you enter a PIN later, the OS asks the SE “Is this the right PIN?” The SE runs the entered PIN through the encryption to see if it comes out right, and then either denies the request because the PIN is wrong, or it passes on the keys to the OS that are necessary to unlock the phone.
The SE stores FaceID and TouchID data too. Now your face isn’t stored as a face, but a number algorithmically derived from what your face looks like. Same goes for your fingerprint. So when you register your face the OS tells the SE “This is an allowed face, store it.” Later you look at it, the OS sees a face, and it sends that to the SE asking “Is this a valid face?” The SE returns either a deny or the information necessary for the OS to unlock the phone.
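The register/verify flow described in the answer above (store only a key derived from the PIN, re-derive on each attempt, and release the unlock keys only on a match) as an added example, not code from any commenter or from Apple. It is a toy model of an isolated enclave in plain Python: PBKDF2 stands in for whatever derivation the real hardware uses, the unlock key is wrapped with a simple XOR under the PIN-derived key, and an HMAC tag lets the enclave check the PIN without ever storing it. The same derive-and-compare pattern is what "hashed at rest" means in the earlier answer about Apple account passwords.

```python
import hashlib
import hmac
import os


class SecureEnclave:
    """Toy model of an isolated secure element (assumption: not Apple's design).

    The rest of the 'phone' (the OS) can only call register_pin() and
    verify_pin(); it never sees the stored secrets directly.
    """

    ITERATIONS = 100_000  # slows down brute force; constructed value

    def __init__(self):
        self._salt = None          # random per registration
        self._wrapped_key = None   # unlock key XOR'd with the PIN-derived key
        self._check = None         # HMAC tag used to test a candidate PIN

    @staticmethod
    def _derive(pin: str, salt: bytes) -> bytes:
        # Key derived from the PIN; the PIN itself is never stored.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt,
                                   SecureEnclave.ITERATIONS, dklen=32)

    def register_pin(self, pin: str) -> None:
        """OS says: 'Register this as the new PIN.'"""
        self._salt = os.urandom(16)
        kek = self._derive(pin, self._salt)          # key-encryption key
        unlock_key = os.urandom(32)                  # key that unlocks the phone
        # Wrap the unlock key so it can only be recovered with the right PIN.
        self._wrapped_key = bytes(a ^ b for a, b in zip(unlock_key, kek))
        # Tag that lets us recognise the right PIN without keeping it.
        self._check = hmac.new(kek, b"pin-check", "sha256").digest()
        # kek and unlock_key go out of scope here; only salt, wrapped key
        # and check tag remain inside the enclave.

    def verify_pin(self, pin: str):
        """OS asks: 'Is this the right PIN?'

        Returns the unlock key on success, None on a wrong PIN.
        """
        if self._salt is None:
            return None
        kek = self._derive(pin, self._salt)
        tag = hmac.new(kek, b"pin-check", "sha256").digest()
        if not hmac.compare_digest(tag, self._check):  # constant-time compare
            return None
        # Correct PIN: unwrap and hand the unlock key to the OS.
        return bytes(a ^ b for a, b in zip(self._wrapped_key, kek))


def demo():
    """Constructed walkthrough: register a PIN, then try right and wrong ones."""
    se = SecureEnclave()
    se.register_pin("1234")
    good = se.verify_pin("1234")
    bad = se.verify_pin("0000")
    return good is not None, bad is None


if __name__ == "__main__":
    print(demo())
```

The point to notice is what the enclave keeps after registration: a salt, a wrapped key, and a check tag. None of those reveals the PIN, and a wrong PIN derives a different `kek`, so both the tag check fails and the unwrap would produce garbage rather than the real unlock key.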