IHS Technology, a market research firm, announced that the number of fingerprint sensor units has grown from 316 million in 2014 to 499 million in 2015, a 58 percent increase year over year. The company also said that it expects to see that number peak at 1.6 billion shipped units in 2020.
“The market for fingerprint sensors has heated up quickly, with explosive growth expected to continue in 2016 and beyond,” said Jamie Fox, principal analyst for IHS Technology.“The highest revenue growth is likely to be in the short term, as the market becomes more competitive, price erosion continues and the high-end smartphone market matures and becomes more saturated,” he added.
This growth explosion of fingerprint readers started when Apple launched its iPhone 5S with a fingerprint sensor, and other handset makers quickly followed suit with their own fingerprint sensors. This didn’t happen just because companies wanted to copy another one of the iPhone’s features, but because there was high demand from consumers, as well.
It’s much easier to use a fingerprint to unlock a device than it is to use a passphrase or even a PIN number. Apple's PIN now requires at least six digits by default, which makes it that much harder for most people to want to use it. Plus, even six-digit PINs don’t offer an extreme level of security against bruteforcing. However, there are other mitigations (opens in new tab) implemented, such as disabling the device for one minute after six failed attempts, or users could manually set the device to erase itself after 10 failed PIN unlock attempts. Android now has similar protections.
Fingerprints should probably still not be used as passwords, but as usernames. Because of the permanence of your fingerprints and the high risk of being stolen or taken by someone else, if your fingerprint is stolen, you will never be able to use that fingerprint again if you want your data to be safe. This is exactly how governments are already using them for passports, for instance -- where they are used not to unlock something, but to identify a person. That means the government gets to have your fingerprint pattern stored in its centralized (and hackable) database.
However, it will probably be another few years or more before this becomes a serious issue, and another easy-to-use password alternative will need to be found. In the meantime, fingerprints are a highly convenient password alternative that more and more smartphone buyers are embracing, at least until news stories about fingerprint patterns being stolen and used for crimes start appearing. The inherent security issues probably won’t dissuade too many people from using them to unlock devices, for mobile payments, or even for web services, for now.
In order to make fingerprints more resistant to spoofing, ultrasonic fingerprint sensors have started to appear, led by Qualcomm’s Sense ID, which will arrive alongside the Snapdragon 820 in multiple devices this year. Ultrasonic fingerprint readers can scan the “3D image” of a fingerprint, so at least it won’t be easily replicated from photographs. However, the issue of these fingerprints being stolen from devices remains.
It should at least keep the owners of such fingerprint readers a step ahead of many data breaches for a few years, as for now the governments are still using traditional 2D fingerprint scanning machines for passports and other services. Therefore, even if those fingerprints get stolen, they can’t be used to unlock devices where you’re using a 3D image of your fingerprint. Fox said that InvenSense is another company that should start selling ultrasonic fingerprint readers to device makers in 2017.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.