When Touch ID, Apple’s fingerprint sensor, first emerged on the scene with last year’s launch of the iPhone 5s, it was dismissed by many as a gimmick. It quickly emerged that it was anything but – rather a very refined measure that enhanced security and promoted seamlessness. With iOS 8, Apple has further expanded Touch ID’s reach, adding third-party support allowing banking, password management and other such apps to reap the fruits of the implementation. It’s still not without its fair share of limitations, though, among them the fact that it doesn’t allow a user to log in right after a reboot. It has now emerged that this isn’t an arbitrary decision imposed by Apple, but is actually due to the secure infrastructure upon which Touch ID is based.
The Cupertino company makes a rather regrettable habit of imposing restrictions throughout its products that many users and developers deem unnecessary. But in this instance, there’s method to the apparent madness, and as per a clarifying document posted on the Mac maker’s support page, we now also know just how meticulous and complicated Touch ID is compared with the numerous other hardware components.
Neither Touch ID, nor iCloud, nor iOS stores your fingerprint data; instead, a mathematical version of your print is buried deep within what is known as the "Secure Enclave". Segregated from the rest of the system, that data is also locked with a key, and cannot be reverse engineered to reveal the actual fingerprint.
As the document continues:
"Your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases."
The Secure Enclave merely passes on the message that the fingerprint data is indeed legitimate, but otherwise, keeps itself to itself in the name of security.
The TL;DR version of the above explanation is simple: for the device to access the fingerprint data so that you can use Touch ID, you must always log into your device using a passcode after it has booted up. Until you have logged in for the first time, the device doesn’t have access to the Secure Enclave… thus no Touch ID on the first go.
Not that it’s much of a labor putting in a passcode every once in a while, but it’s good to know that the measure is in place for the greater good, rather than adding to the sizeable list of features that Apple has watered down without rhyme or reason.