Apple dropped a bit of a bombshell into its WWDC 2021 presentation this week: iOS 15 will let an iPhone hold digital versions of the user's house keys, hotel room keys, workplace ID cards and, last but not least, driver's license or other government-issued form of identification.
"With the Apple Wallet app, we set out to replace your physical wallet," said Apple vice president of Wallet and Apple Pay Jennifer Bailey. As Bailey pointed out, Wallet can already "hold" touchless credit cards and transit cards and wireless-key-fob codes for some modern vehicles.
"However, to be fully free of your physical wallet, there's one more thing we need to bring to iPhone, and that's your ID," Bailey said. "So we're bringing identity cards to Apple Wallet."
- iOS 15 release date, beta, supported devices and all the new iPhone features
- The iPhone 13 is coming: Get caught up on all the rumors
"This fall, you'll just scan your driver's license or state ID in participating U.S. states," said Bailey, although she didn't name those states. Apple will likely release a list in the coming weeks and months.
Bailey added that Apple was even working with the Transportation Security Administration (TSA) to let digital driver's licenses held on iPhones become acceptable proof of identity to board U.S. domestic flights.
An Apple press release after the presentation referred to "Identity Cards" with specific capitalization, although it wasn't quite clear if that was the official name of the feature. Bailey mostly referred to just "ID."
Convenient or creepy? Security experts weigh in
So is letting your iPhone become your primary means of identification really a good idea? Is that what smartphones are meant to do?
Some of the security and privacy experts we spoke to weren't worried.
"From a usability perspective, I'm stoked," said Patrick Wardle, a well-known Mac hacker and founder of the Objective by the Sea security conference. "[I] hate having to dig out my ID when traveling, and worrying about misplacing it. Having it on one's phone seems like a no-brainer."
"From a risk perspective, a digital ID stored cryptographically on your phone (and in the cloud) is just as, if not more secure, than a physical ID in some ways," said Sean Gallagher, a senior threat researcher at Sophos.
"If your wallet is stolen or lost, you have lost control of your government ID," Gallagher added. "If you lose your phone, at least you can remote delete your wallet along with all the other sensitive information, and it is (or should be ) protected by a passcode."
Yet Thomas Reed, director of Mac and mobile security at Malwarebytes, wasn't so sanguine about the idea of a digital ID.
"Apple has a lot to think about on this front," he told us. "Although I imagine that it is possible for Apple to make these digital IDs secure and private, it's going to be very tricky to get it right."
iPhone as ID Card: It was inevitable
We can see why Apple's new feature could creep some people out. Other digital device and services, including many password managers, already let you store information from your driver's license securely as a backup.
But this is the first time we've heard of a digital item that can completely replace your physical driver's-license card. Letting your iPhone become your proof of identity seems like uncharted territory. Is Apple replacing the government as the ultimate authority of personal identity?
"I understand the unsettling feelings this evokes, but this was an inevitability," said John Shier, senior security advisor at Sophos. "Millions of people have been using features like Apple Pay and Google Pay without incident for a while ... If the implementation is secure enough to be trusted by banks and card issuers, it legitimizes the technology for other uses."
"I don't think that Apple is replacing or assuming the function of a government agency," Shier added. "They are not holding the data centrally and are not issuing the documents. They are simply providing people with a secure way to digitally store their physical IDs."
Digital IDs are not a new IDea
Digital driver's licenses that you can hold on your smartphone are not a new idea. USA Today wrote about them more than two years ago, reporting that "a dozen states are in various stages of testing mobile or digital driver's licenses that operate on smartphones."
The American Association of Motor Vehicle Administrators (AAMVA) has a page detailing various efforts along such lines around the world. There's even an internationally agreed-upon standard for digital driver's licenses.
In fact, Apple is kind of playing catch-up here. Qualcomm teased in 2019 that it was working with Google on such a feature for Android phones, and Google this past October confirmed that an API for mobile driver's licenses was built into Android 11. Presumably, that's to let developers create third-party ID apps.
"There are already similar implementations in Europe that are using digital IDs in the place of physical cards," Shier told Tom's Guide. "If the worry is in Apple having access to the data, the fact that it resides solely in the Secure Element should allay those worries."
A single point of failure
It's fair to say that Apple may be out in front of Google on this issue now. Which gets to the next question: Do you want your iPhone (and maybe soon your Android phone) to be the crux of your entire identity? Do you want it to hold ALL the keys — to your house, to your car, to your office, to your life? Do you want to create a single point of failure?
"You mean like carrying a purse?" asked Melanie Ensign, founder of the security and privacy communications firm Discernible, Inc. "It doesn't significantly change the current authentication mechanisms/vectors themselves, just speeds up the process."
"When you hand your physical ID to a TSA agent, what do they do with you?" she asked. "Put it in a scanner/camera! Apple Wallet merely moves the scanning process to much earlier in the journey."
Oh, hey, an Apple event! Looks like Apple Wallet is adding the ability to unlock doors and hold your government ID, realizing my dream of only having to lose a single device to lock myself out of my hotel, home, and office and put myself on a no fly list.June 7, 2021
Apple's goal is to make itself indispensable to its users, and Apple Wallet's new functions create further customer lock-in to the Apple ecosystem. If your apps, your email, your credit cards and now your very ability to drive a car and board a plane are tied to Apple, it will be that much more difficult to switch to another smartphone platform.
"I don't know that I'm that worried about the technology itself, but I'm concerned that people might come to rely on it too much," Shier said. "If you routinely leave your house without your physical wallet and keys, what happens when your phone's battery dies on your way to the airport?"
On the other hand, he pointed out, "if you ever lost your wallet while travelling, having these things on your phone would at least provide some way to pay for items and identify yourself until you managed to get home and have the documents replaced."
Can you hack a digital ID?
Bailey said in her presentation that all these valuable documents and digital authorization keys will be held in the Secure Enclave hardware chip on an iPhone.
It's pretty hard to hack those, but it's less difficult to hack iOS in general, and if the iPhone's screen can display the driver's license, then another app might be able to see it.
Let's look at this practically. If your smartphone, your house keys, your car keys and your driver's license are all be one item, then if your iPhone is lost or hacked (it does happen), then you might be in serious trouble.
Despite this, Wardle is calm.
"From a privacy point of view, I'd still sleep well at night, as the physical security of iOS is quite impressive," he told Tom's Guide.
"If my iPhone gets stolen, sure it has my 'digital soul' [with] all the things (and now maybe even IDs?), but unless you're the FBI with $1M+ you're not getting access to them. ... To a thief, it'd just be a relatively useless paper weight at that point."
That might depend on how exactly the thief gets the phone. Gallagher wondered about "social engineering methods combined with technical methods" that could "allow a digital wallet to be picked."
"It’s just much more unlikely if you follow basic phone privacy measures," Gallagher said. "But I can envision someone convincing a person to unlock their phone and then snatch it from their hands and run."
Like Wardle, Shier is not worried about the technical aspects, and believes that there's an advantage to Apple doing this instead of a less capable organization.
"I think the security and privacy aspects of this are proven and solid," he told us. "It mostly comes down to individual users' comfort with using digital representations of items they've only ever used in physical form."
"In some respects," Shier added, "I'd rather see this initiative led by a company, who thus far seems to be on the right side of privacy and security, rather than leaving it to individual local, state, or federal governments who don't have a great track record with either."
What about showing your Apple ID card to police?
Then there are more practical matters. Reed wonders what will happen when a cop pulls you over and all you've got to show is a digital driver's license.
That procedure "generally involves handing over my license and proof of insurance, which the police officer takes back to his car," Reed pointed out to Tom's Guide.
"How is this going to work with a digital driver's license? I'm certainly never going to be comfortable with handing over an unlocked phone to anyone, including a police officer," he said. "Apple will need to find a way to secure the driver's license, or any other critical piece of identification, such as an insurance card."
Police generally need a warrant to get a person to reveal a PIN or a passcode, but some U.S. courts have ruled that a cop can force you to unlock your phone with a fingerprint. Either way, it might be best if Apple develops a way to transmit the ID data without unlocking the phone.
"Many people would be quite hesitant, and rightly so, in handing their phone to a police officer or TSA agent," Shier said. "Being able to tap your phone on a receiver that then displays the information to the requesting party would be a good idea."
Will Apple's ID cards make it easier to create fakes?
As Apple described the procedure, all you need to do to import your driver's license into Wallet is to scan it with your iPhone. If that's all there really is to it, then are teenagers all across America going to print out fake IDs at home and import them into Wallet so that they can drink at bars?
Or, as Reed pointed out, could you even steal someone's identity with an iPhone?
"Someone could very easily scan a driver's license that doesn't belong to them or scan a fake ID," he told us. "How is Apple going to validate that the license is truly yours, and that it's valid? Will this become a new avenue for identity theft or creation of false identities?"
It's possible that states are already building safeguards into their physical drivers' licenses.
"If this includes a photo of the barcode, it's much harder to fake," Ensign said. "We already use QR codes for authentication all the time, plus if it's connected to any other data on your iPhone, it's much better authentication than a physical ID card alone."
"I don't think it's Apple's responsibility" to prevent the creation of fake IDs, said Shier. "If the issuing agency has made it too easy to forge a document, then they should reconsider how they can improve the document's security features. They could even work with technology companies to embed anti-forgery mechanisms into the documents that would be recognized as legitimate by Apple."
A long-term privacy game
Ensign said that the introduction of Wallet digital IDs puts the long game that Apple has been playing regarding privacy and trust into greater perspective.
"It becomes increasingly more obvious why Apple pushed privacy so hard in everything it said for the last several years, with enough action behind it to reap the reputation value," she said.
"They knew this was coming, and needed public trust to make it work," Ensign added. "It was a long-term bet, one that any less patient company could never pull off."