Chain’s iOS API Provides Fingerprint Authorisation for Bitcoin Apps

Chain has released a demo iOS app with a new feature it says is the future of bitcoin on mobile devices – the ability to send bitcoin using fingerprint recognition technology. The team says that by using Apple’s built-in Touch ID feature, users can now authenticate a transaction with the dab of a digit, and describes the technology as a “simple solution for mobile bitcoin apps that need to sign transactions and store private keys”. The best news, perhaps, is that the new API can be freely used by others. Chain told CoinDesk that the solution is “totally open source” and that developers can take it, fork it and use it as a base for their own apps. All developers interested in the project can find all the necessary code and documentation on GitHub. How it works The demo wallet has been built using Chain’s API, and utilises Apple’s Touch ID fingerprint scanner to ensure no one other than the device’s owner can use the private bitcoin key. The key itself is stored in the iCloud Keychain – a feature that stores and shares account IDs, passwords and other sensitive information across a user’s Apple devices – but is used only by the app using the API. A person wanting to send bitcoin simply opens the Chain app, and clicks ‘send’. At this point they are prompted to touch the fingerprint sensor on the phone to authenticate the transaction. Once approved, the user can scan a QR code or paste in the receiver’s wallet address and complete the transaction (see the video below). Caveats apply The new API will not be available for a great number of devices for a while however. The demo wallet uses the iOS 8 Touch ID API, meaning it cannot be used on earlier releases of Apple’s mobile operating system. Apple opened its fingerprint scanner to third-party developers in iOS 8, so this functionality is only available for devices running Apple’s forthcoming iOS 8 update. For the time being, Apple only offers Touch ID on the iPhone 5S. Furthermore, because Chain uses iCloud to store bitcoin keys, the solution is only as safe as Apple’s security. To make this clear, the team offers the following security disclaimer: “You have to 1) trust Apple’s security and 2) use Apple’s security (i.e., do not use on jailbroken phones). We recommend only using this sort of implementation with small amounts of money (think wallet, not bank account), and using multi-sig and cold storage for storing larger amounts, ideally spread across multiple services.” Questions have been raised about Touch ID security in the past – while experts agree it is more secure than a four-digit PIN, don’t expect industrial grade security. It does, however, offer an additional layer of biometric security and, now that it is open to third parties, looks likely to be used for payments in the very near future. biometricChainfingerprintsecurityTouch ID
Original author: Nermin Hajdarbegovic