The iPhone 5s took fingerprint sensors mainstream on smartphones, but the new ICE Unlock Android app lets users unlock their Android phones via the rear-facing camera.
Developed by Birmingham, Ala.-based security developer Diamond Fortress Technologies (DFT), ICE Unlock aims to do away with long passwords and expensive hardware. But how safe is it to trust a third-party app with the keys to the kingdom — or at least to your smartphone? We went hands-on to find out.
MORE: 13 Security and Privacy Tips for the Truly Paranoid
How it Works
After downloading and opening the ICE Unlock app (compatible with Android 4.0 and up) you'll be asked to agree to a user agreement and then watch a video tutorial of the sign-up and sign-in process. Then, you'll choose a four-digit PIN that serves as your backup key, in case the fingerprint doesn't work for some reason.
Next, you'll have to take two photos of your finger by holding your phone in one hand and raising a finger of your other hand in front of your phone's rear-facing camera. An oval-shaped reticule appears on screen when you're taking the pictures; you have to set up the shot so your fingertip appears in that reticule in order for the app to get a good enough image.
ICE Unlock takes those photos and builds a "template" of your fingerprint, which is saved to your phone. After that, your phone will ask you if you'd like to set ICE Unlock as your default home unlock screen. You can choose "Always" or "Just once." Choose "Always"; selecting "Just once" caused a glitch that we solved by uninstalling and reinstalling the app.
If you had a previous unlock screen set up, such as a PIN or pattern, it will still appear when you unlock your phone, and the ICE Unlock screen will appear. This is useful if you'd like to set up two layers of security on your phone. To change these settings or to disable ICE Unlock after you've enabled it, you can go to your phone's Settings and then tap Application Manager.
The next time you want to unlock your phone's home screen, you'll be asked to take another photo of your finger. The app will compare the new image to that saved template in order to verify your identity.
More Secure Than Touch ID?
This template is stored on your phone in an area of storage that, according to DFT, "can only be accessed by ICE Unlock." The photos of your fingers, however, are not saved.
In comparison, an iPhone 5s' fingerprint software, called Touch ID, stores its owner's fingerprint data in an isolated storage area on the phone's processing chip that Apple says other apps, malware or hackers cannot access.
However, DFT CEO Chace Hatcher said that DFT's software is even more secure than Apple's solution.
"As Touch ID stores the user's fingerprint template in a segregated memory area, it is arguably more secure from malicious attacks," Hatcher told Tom's Guide.
Hatcher said that's because the app is sandboxed, meaning it runs separately from the rest of the programs and data on the device.
MORE: How Secure Is the New iPhone's Fingerprint Security?
However, if users were to root their Android phone, they would dismantle this security, leaving all of its files potentially vulnerable. Rooting a smartphone means giving yourself a higher level of access to your smartphone's inner workings. It gives you more control over how your smartphone works, but it can also strip away some of the protection built into your device.
According to DFT, the possibility of users rooting their phone is the reason the company includes a line in its user agreement stating that the "user is solely responsible for the confidentially and security of user's data and information sent from or stored on a device by the application."
"DFT ultimately cannot prevent how users use their device; i.e. some users may root their device, or install malicious software that could potentially compromise the security of the entire device and the applications on it, including ICE Unlock," Hatcher said.
Users should be aware that the app requires access to your phone's storage, microphone, camera, network communications and phone-call data.
However, users should also know that this isn't much different than the vast majority of other perfectly legitimate and functional apps out there. In fact, Bitdefender's Clueful app, which rates the privacy risks of apps installed to your phone, gives ICE Unlock a "low risk" application, which means it has far less access to your phone's functions than apps such as Facebook or Twitter.
A Few Pointers
The first time we used ICE Unlock with a Samsung Galaxy S4, the registration process went fine, but when we turned the screen off and on again, the app wasn't able to recognize our fingerprint.
We signed in using the four-digit PIN, re-registered our fingerprint, and after that, the sign-in worked just fine.
Unlocking your phone with ICE Unlock takes a bit longer than entering a PIN or password, because you have to get the phone in the right position and align its camera with the finger of your other hand. If you have unsteady hands, you might need to place both wrists on a surface to get a good photo.
However, what ICE Unlock might lack in timeliness it makes up for by eliminating one of the biggest obstacles to good password security: having to remember passwords. For people who want to lock their phones but don't want one more password to remember, ICE Unlock might be just your thing.
In terms of security credentials, ICE Unlock might not be Fort Knox. Hatcher told us that a high-resolution photo of a fingerprint could in fact be used to unlock the app, though he also pointed out how difficult it would be to get such a photo of someone's fingers without their noticing.
For a free app, ICE Unlock it does exactly what it's supposed to do. DFT also has plans to improve the app's features, so you might be able to use it to sign in to other applications on your phone in the near future.
Email email@example.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.