Remember when Apple debuted the Touch ID fingerprint reader in the iPhone 5s in fall 2013? Many in IT pooh-poohed it as a fad that couldn't really be secure, and security consultancies raced to find outlandish -- and very-hard-to-repeat -- ways to break the fingerprint protection (for example: heating a cut-off finger to body temperature).
Be prepared for the same knee-jerk negativity for the Samsung Galaxy Note 7, the newest version of Samsung's flagship phablet, which makes its public debut today and goes on sale this Friday. The Galaxy Note 7 is the first popular smartphone to include iris scanning as an unlock mechanism, bringing a new biometric option to the mobile security portfolio.
I've already seen grumblings of how it won't or can't work well. Don't pay attention to the naysayers. And remember the lesson of Apple's Touch ID: Those first reactions were largely unsubstantiated, and the true hacks involved the kind of work that the Russian, British, Chinese, and American government spy agencies would resort to, not what 99.99 percent of the world need fear.
The Galaxy Note 7 is a very nice device; Samsung continues the tradition it began with 2015's Galaxy S6 series of producing high-quality, intelligently designed smartphones that rival Apple's iPhone quality and innovation. And the Galaxy Note 7 fixes the fatal flaw in its predecessor, the Note 5. That's why for most enterprises, the iPhone is the top smartphone, followed by the Samsung Galaxy S and Note series.
For the Galaxy Note 7, the key enhancements inside the smartphone involve security. The iris scanner is the obvious addition to those enhancements. It works, and it's not difficult to use -- after a few attempts to line up your eyes, motor memory kicks in.
Yes, the fingerprint reader is faster, but you don't have to choose. The Galaxy Note 7 lets you use the iris scanner, access the fingerprint reader, type in a password, or tap Google's Smart Location feature that lets you set safe zones such as your home or office where the smartphone unlocks automatically. (IT's mobile management policies can override such settings, of course.)
That's the real benefit: You can have multiple techniques to unlock the device.
After all, if your fingers are wet or have residue on them, they usually prevent the fingerprint scanner from working. If you're wearing glasses or even contacts, Samsung's iris scanner may not work. Contacts are a tough issue because you can't simply take them out to use the iris scanner. Fortunately, I found if you set up iris scanning with your contacts on -- and they're not heavily colored -- it works fine.
Apple pioneered the multiple-paths approach with Touch ID, which works alongside a password, but Samsung has upped the ante by adding iris scanning, as well as supporting Google's own Smart Lock feature and pattern-unlock capability. The more ways you can enforce password usage, whether directly by entering a password or via a proxy like fingerprint or iris, the more secure you are.
The Galaxy Note 7's security goes well beyond the introduction of iris scanning. It uses Samsung's Knox technology to create secured folders -- those that require their own password or other credential -- for data and apps. Thus, even if someone else has your smartphone, they can't get to those files without the additional credential. These secure folders are on top of the secured container you can set up via Google's Android for Work or Samsung's Knox technologies, which basically create a secure partition on your smartphone.
This notion of multiple security layers is not a Samsung invention, of course. It's long been a pillar of security. And you'll find both Android and iOS apps that let you require a password to access their contents -- Microsoft Office and Apple's Notes are examples. But what Samsung has done in the Galaxy Note 7 is provide more layers. And by making them a device-wide facility, you can add protection to apps that don't offer that capability on their own.
The Galaxy Note 7 continues a change to device security that Samsung brought to the Galaxy S7 earlier this year: Encryption is on by default if the device has a password enabled. You can't disable encryption on the Galaxy Note 7 once enabled -- unless you also disable the password requirement to unlock the device. (The iPhone has auto-enabled encryption since iOS 4.2 in 2010, and it provides no mechanism to disable it.)
Even 2015's Android Marshmallow doesn't require encryption. When you activate an Exchange account you suddenly get an out-of-compliance notification (because practically every enterprise's mobile management policies require encryption be on) and have to connect your smartphone to a charger, wait till it has sufficient charge, then hang on for the half hour or so for the encryption to kick in. By contrast, on the Galaxy Note 7 (and S7), encryption is enabled at the same time as the password.
You can choose whether or not to encrypt any external SD card storage, but the device itself and the default storage locations are encrypted. (Again, IT can disallow access to external storage via mobile management policies.)
Are there further improvements that Samsung could make in the Galaxy S and Note lines? Yes, though not necessarily for security. For one, I'd love to see Exchange setup have an explicit Office 365 option because the data patterns for noncustom Office 365 accounts are different than for Exchange Server accounts, but what user knows that? More important, why should a user have to know that? Samsung already does a strong job in supporting Outlook in its client apps.
It's clear that Samsung is taking device security extremely seriously -- to the same extent it has been taking build quality and aesthetics. Apple got there several years ago, but it's no longer the only game in town. That's great for us all, user and IT alike.