A man was murdered, and the police think there might be clues to who murdered him stored in his phone. But they can’t get access to the phone without his fingerprint or passcode. So instead of asking the company that made the phone to grant them access, they’re going another route: having the Jain lab create 3D-printed replicas of the victim’s fingers. With them, they hope to unlock the phone.
The numerous media reports I’ve read about this case don’t mention what type of smartphone the police are trying to break into, but my hunch is that it’s an Android.
There are some big differences between how iOS and Android devices implement fingerprint authentication, and some of Apple’s design decisions make the scenario described above highly unlikely.
For instance, an iPhone or iPad will time out the fingerprint sensor every time the device is restarted or after 48 hours of inactivity, requiring you to enter your passcode instead.
However, on Android 4.4 – 5.1.1 the fingerprint unlock *never* expires. Even with Android 6.0 Marshmallow, which adds an official fingerprint authentication API for the first time, I don’t believe there are any set requirements for when the fingerprint unlock should expire.
It seems to me that fingerprint security has been pretty sloppy generally on Android, with some smartphones even storing unencrypted images of users’ fingerprints in a non-protected folder.