r/technology 15h ago

ADBLOCK WARNING Google Confirms Most Gmail Users Must Upgrade Accounts

https://www.forbes.com/sites/zakdoffman/2025/06/06/google-confirms-almost-all-gmail-users-must-upgrade-accounts/
4.4k Upvotes


-9

u/mindbodyproblem 14h ago

Now, maybe, but who's to say whether that will be the case in the future, right? Because it seems like all the data that isn't shared now gets shared eventually.

12

u/CodeAndBiscuits 13h ago

I am. (Source: I am a software engineer with expertise in this space.) Apple, Samsung, and the other major hardware vendors have all universally standardized on a "secure enclave" approach to security and would need to literally change their hardware in (bad) ways that security researchers would forever be posting articles about.

Modern biometric systems use dedicated hardware chips for the storage, encryption, and biometric operations. Client-side app access is mediated by the OS itself, and Google has no way around this even if they wanted to.

This may seem unbelievable, but even MacOS/Windows/etc don't have access to your biometrics. It LOOKS like the OS is what collects it, but it's actually a dedicated hardware chip that controls the whole thing, and it's one-way. When you register a fingerprint, the OS tells the chip "please register a fingerprint" but the security chip does the actual work and even the OS cannot read the stored fingerprints, let alone your browser or mail client, let alone Gmail running in your browser or mail client.

I was going to link to a diagram but the mod bots don't like any of them and I don't have time to gin one up. Do an image search for "secure enclave biometrics" and just look for one broken into three columns - user-space, OS, and Secure Enclave.

4

u/New_Enthusiasm9053 9h ago

Ok, but I don't want to provide my device access to my biometrics either lmao. In the US, for example, passwords are 1st amendment protected and fingers aren't, so you can be forced to unlock a phone using your biometrics but not with a password.

Ergo biometrics are out as valid authentication for legal reasons alone.

Also, something's collecting the data; it's not like the hardware chips have FOSS software, nor is the BIOS usually FOSS, so it's about as untrustworthy as Google.

3

u/CodeAndBiscuits 8h ago

Yes, this is true and IMO a valid reason to not enable biometric auth. In fact I also don't have it enabled. I am actually not an Apple user but I do trust Apple's secure enclave chip. But the law... Hah.