It appears that Apple's Touch ID can be used in lieu of entering your PIN for a corporate EAS account on your phone. This is obviously a great convenience especially if your work requires a longer 6-8 digit PIN instead of 4. What I find odd is that Apple is able to do this without being explicitly allowed by the corporate EAS policy. It seems like just because you have to set a PIN initially, that this is good enough for EAS and Apple can satisfy the PIN requirement with Touch ID from there on out. I think Touch ID is much more secure than a PIN so there shouldn't be much reason why a corporation would want to block it, but isn't it odd that they can't?
Similarly, why can't the same be done with face unlock or pattern on Android? Admittedly I don't think either of those SHOULD be considered adequate security as they're both easily defeated - but from an implementation standpoint, how come those two security features are allowed to be disabled by EAS but Touch ID is allowed to work in lieu of a PIN? Is Apple "faking" a PIN success to make this work?
Finally...is anyone considering switching from Android purely for this feature? If you hate entering a lock screen PIN for EAS, it seems the only other option with Android is to use something like TouchDown which only requires your PIN for getting into the app instead of your phone. This is actually a really good idea to keep things separate and to avoid encrypting/locking your whole phone, if corp wants to wipe, they just wipe the data in TouchDown instead of the whole device. I'm not sure why more apps, including the stock Email app, don't offer this as an option.
Similarly, why can't the same be done with face unlock or pattern on Android? Admittedly I don't think either of those SHOULD be considered adequate security as they're both easily defeated - but from an implementation standpoint, how come those two security features are allowed to be disabled by EAS but Touch ID is allowed to work in lieu of a PIN? Is Apple "faking" a PIN success to make this work?
Finally...is anyone considering switching from Android purely for this feature? If you hate entering a lock screen PIN for EAS, it seems the only other option with Android is to use something like TouchDown which only requires your PIN for getting into the app instead of your phone. This is actually a really good idea to keep things separate and to avoid encrypting/locking your whole phone, if corp wants to wipe, they just wipe the data in TouchDown instead of the whole device. I'm not sure why more apps, including the stock Email app, don't offer this as an option.