It was recently discovered that older iPhones using Touch ID were affected by a bug in the newly released iOS 13. The bug causes the authentication dialog box to not be displayed, although the Touch ID capability may still be there. Users see no indication that Touch ID authentication was invoked and are not aware that they can scan their finger. Most users would just wait for the dialog box to appear or close and re-open the app multiple times thinking that this is a one-time glitch. Confusing? Frustrating?
Not only is this annoying to end users, but also to the myriad application owners who rely on Apple’s authenticator for access. When the apps can’t be accessed, most users won’t know about the bug in iOS 13. Most users will blame the application owner. Frustrated users will, in turn, increase the volume of calls and complaints to the companies they are trying to access. Apple may have frustrated their iPhone users, but they likely frustrated their app owners even more.
If you’re an application owner, are you now stuck waiting for an iOS update to fix the bug? The bad news is that you probably are stuck. The good news is that you don’t have to be. While the bug is in the core of Apple iOS, enterprises can quickly react to it without making any code changes to their apps and without the need to re-publish the app. The secret here is to decouple the authentication process from the application so that identity-related changes can be implemented quickly and simply without having to touch application code.
Based on device model and OS version it’s possible to identify devices on which the bug can manifest and then take the user through a different authentication journey. This journey can simply make the user aware of the bug and instruct them on how to use fingerprint authentication despite the bug or it can direct users to alternate authentication options, all based on the desired user experience.
When it comes to authentication, authorization and fraud prevention, agility is the key. Without agility you’re either vulnerable, or in this scenario, make users frustrated and increase the volume of calls and complains. Agility in identity is the ability to react fast without waiting for development cycles or app approval and publishing cycles. If you want to learn how you can always stay ahead of the bugs in iOS or any operating system, contact Transmit Security now.