Galaxy Nexus Face Unlock Tricked By Pic: Convenient But Not Secure

One of the cool new features of Android 4.0 demonstrated at the Galaxy Nexus launch event in Hong Kong was something called Face Unlock. Set your phone to “recognize your face” and afterwards you can use the front-facing camera as a method of unlocking your phone, so long as it correctly matches you to the initial picture with which you set up the service.

But what if someone took a picture of you, put it in front of your phone, and was able to sneak into your phone unauthorized? I discussed this the day of the Galaxy Nexus launch, and as someone on Youtube illustrates it’s completely positive, but it shouldn’t be a cause for concern:

In my opinion, no fool would think Face Unlock is about security. We haven’t reached the “Minority Report” level Iris Scanners perfectly identifying individual. Everyone knows Face Unlock on the Galaxy Nexus isn’t the mind blowing feature that financial institutions will immediately start adopting. It’s about quick and easy unlocking. That’s it.

Forget the slide to unlock feature. No, really… forget it. Forget the 9 dot grid pattern unlock. When lighting is good, just pull out your phone, look at it, and you’re in. It’s about elegant simplicity.

I’ll be the first to admit that Face Unlock doesn’t work perfectly yet. I had a bunch of trouble testing it on Galaxy Nexus launch day. But it will get there and Android will be better for it. And note… I said “better” and not “more secure”.

[Thanks Jay!]

Continue reading:

  • Mark Gjoel

    Credit not given.

    • robjackson81

      We were linked to the Youtube video through our PhanTips. We attribute when we can. If you have a source link, we’ll happily link it.

      • Mark Gjoel

        Oh I’m sorry, I was referring to when Google said “give us some credit” as a response to people who ventured that you could break this with an image.

  • durangojim

    why would anyone be surprised?  This is still a great feature, but if you want the highest security, use a passcode.

    • JamesS

      Yup, and you don’t have to wait for decent light as this article points out is needed for face recognition.

  • twiz0r

    Wow, you had trouble testing it on launch day?  What day was that? :)

    • robjackson81

      Whoops. Announcement day ;)

      • Dave Hernandez

        Why is there no info on the razr review post? Blank page.

        • robjackson81


    • Justin Ellenbecker

      He is talking about the launch party in Hong Kong.

  • Raymond Rodgers

    A question I’ve had about face unlock is how does it handle facial hair? I usually let my beard and mustache grow out for most of the year, but every now and then, I get the urge to shave it and do so. If face unlock is only looking at comparing the face to an established picture then I’d find myself locked out of my phone several times per year for several weeks… If it’s doing some actual biometrics work, then my facial hair may not matter… Can someone at Phandroid pose that question to Google/Android?

    • JamesS

      If I remember from launch day correctly, after a few failed attempts, it gives you an alternate way to get in.

      • Raymond Rodgers

        That’s kind of what it looked like in the video above, but I’d love to have confirmation on that just to be sure.

      • Brandon Cole

        From *announcement day, but yea I’ve seen it provide an alternative backup login type if it can’t recognize your face

    • Kevin Cox

      I’ve wondered how it would work with glasses vs contacts. I tend to wear both. Or how would it work outside with sunglasses on.

  • Layman76

    Even better, fingerprint sensor. Atrix 4G, most secure phone out there.
    I may or may not be exaggerating.

    • Dean Politis

      This must not be that important of a feature since Motorola dropped the fingerprint sensor in the Atrix 2.


      What about implementing both a finger print scanner on the back of the phone AND the face unlock feature? That way, your phone has to read your fingerprint at the same time it reads your face. That seems pretty secure to me. Then again, I guess you could just do away with the face unlock and use only the fingerprint scanner.

  • veccster

    I hate lock screens.  Why do most people use them? 

    Particularly, the slide-to-unlock style lockscreens.  What is it protecting you from?  Call confirm seems to be an absolute necessity anyway so pocket dialing shouldn’t be an issue.  There is definitely no security with slider.  So why?  It’s an extra step that seems unnecessary. 

    • Stefan K

      Protection for NOT calling people in your pocket :)

      • Horace

        exactly! calling, emailing, etc… anything you do not want your phone doing in your pocket :)

    • Vincent Teo

      slide to unlock is to prevent you from accidentally awaking your phone and draining the battery when you are carrying it around in your pocket or in your hand. its not to prevent thief from accessing your phone.

  • Zac H

    Well, Face Unlock is about convenience, but it’s also great when your phone is stolen (by someone who doesn’t know you). It’s locked, and if the thief has no idea what you look like or have a picture of you on hand, which may be likely, your phone will remain locked for them. So, it’s more secure than just the slide to unlock in those cases.

  • Dwayne Smith

    There is a face unlock app in the market called Visidon.  It has protection against this trick by waiting for the eyes to blink before it unlocks.

    • robjackson81

      That’s a pretty witty idea. But I imagine that could be tricked with photoshop and an animated gif. Harder to trick… but still not “secure”. Cool though for sure.

      • Stefan K

        For better security the phone should ask for a random emotion :) happy, sad, angry, just put a little interaction in it and it is much more prove against foto’s/video’s…

        Or maybe even say a random word (so the voice AND moving face can be checked :)

        • Raymond Rodgers

          Which comes back to my question about whether it’s using biometrics or just an image (bitmap) comparison. If it’s using biometrics, then this should be possible, if not, it probably would take too much battery draining horse power.

          • robjackson81

            By that point it would just be easier to draw a pattern lol

          • Nudo

            nothing beats a strong password. hasn’t yet

      • Guest

        Or a scissors and two extra strips of paper :)

    • NexusMarts

      it is better if they add voice unlock. this would be a better combination security feature.

    • iphonesinthebackdoor

      the guy says he programmed the phone to open up with that pic, and he doesnt show himself setting it up with his actual face and then demoing it.  hmmmmm suspicious.  has apple written all over it

  • DivorceLawyer

    Face unlock is atleast progress in the right direction

  • Joon Sunn
  • hulk smash

    I agree atrix finger scanner is the best and useful. Galaxy nexus is cool but not 100% useful because it needs a light source. Maybe a flash in the front should be better.

  • sQueezedhe

    But if you leave youf phone in a cab and that cabbie doesn’t have pctures of you handy then you can be sure of an extra level of security.

    Will probably give you time to run planB.

    • thedicemaster

      it doesn’t protect the contents of your sdcard, which may very well contain a photo that can unlock your phone.

      • RedPandaAlex

        Nexus doesn’t have an SD card slot

  • rothnic

    Nevermind, looks like the note in the video clears up the confusion.

  • Matt Kelly

    I frequently give my wife my phone to hold on to for trips, etc.  She likes to use for Google Maps, checking her email, etc.  Does it allow you to have multiple faces stored?  That could also solve the glasses/contacts issue.

    • joejoe509

      Or at least give special permissions to certain faces. Like have a sub-user account that would only have access to certain features/apps. Cool idea. But very complicated.

  • UniqueNate

    Nobody has time to take a picture that’s similar to the one you taken & stealing your phone to unlock it.

  • jonathanbond110111

    Apple: when my iphone 5 come out, it will put this crap to shame

    Samsung: and when your new ipod touch comes out right after, I still wont care

    Apple: I hope I stop all your products from selling

    Samsung: keep dreaming because I hit 10 million sales with the Galaxy SII phones

    Apple: I can’t wait to stop you in your tracks

    Samsung: face it. You got competition and you can’t handle it

    Apple: I can handle anything

    Samsung: stop suing people and prove it

    Apple: stop copying me and you will

    Samsung: copying what? My phone is bigger, badder, and better

    Apple: you also copied my software too

    Samsung: my exynos processor?? Really? Look all you are going to do is put your A5 chip from your ipad into your new iphone 5 and call it majical. I don’t do that.

    Apple: how did you know?

    Samsung: stop being predictable

  • RedPandaAlex

    As others have said, it’ll protect you if a stranger finds your phone, but not if your roommate wants to snoop.

  • jdsingle

    This doesn’t even seem as if anyone should care about this. Face unlock = just a cool feature. Not something you should be using for real security on your phone.

  • Fixxmyhead

    Like a stranger is just going to take a pix of u and then steal your phone.

  • selonmoi

    It still might be more secure than the 9-dot pattern. That’s the method I use, but I’m acutely aware of the grease smear that my fingers frequently leave illustrating my pattern. I try to clean it off as often as possible, but it’s a real problem.

    If you lose your phone and some random person finds it, they won’t have a photo of you. They won’t know who you are or what you look like. And your phone will be pretty safe. That’s good enough for me, anyway. I’m not an international man of mystery.

    • Alek Tritt

      But they could take out the micro sd… oh wait, nevermind!

  • BrianB13

    I’m far more concerned about someone hacking into my phone and stealing information than actually stealing it, getting a pic of me and tricking face unlock.  Although I haven’t tried it yet, wouldn’t you have to match the facial expression used as well?      

  • Ellianth

    For all we know he used the same picture on the screen to set up face unlock. I don’t think he did, but I’m just pointing out how bad the video was.

  • Jacky Chan

    put 2 front facing camera in the next nexus so that it recognize your face in 3d like kinect

  • Maximillion82

    Well this is not really about high security, it is secure enough for most people, or who do you know has a picture of you like this and is at the same time a person who would steal your phone, I guess if that’s the case you should reconsider your friendships (non of my friends who have my picture from such a close front view would steal my phone). But I can see that for certain hardcore security freaks that might not be enough, I mean the type of people who wear a tinfoil or armadillo hat because they think the government is reading their thoughts haha. Okay seriously now for certain corporate users that might be an issue, then just don’t use the feature and keep using the password.

  • wakkoman

    Not secure? Sounds like Google’s MO

    My guess is they never fix it, and instead try to implement some other beta, and buggy way to unlock the phone. 

    Rinse. Repeat.

  • Alex

    @jonathanbond please stop posting stupid conversations between apple and Android companies. They’re really f’ing dumb and annoying.

    • joejoe509

      Agreed. It’s effing stupid, takes a up a ton of screen space, and does nothing to contribute to the conversation. If he wants to post dumb stuff, it should be in the forums, not here. Let’s just don’t give him any attention. He’s just a 12 yr old with bad grammar and an appetite for attention. He’s practically a troll and should be considered as such.

  • joejoe509

    It’s a neat trick and it should stay that way. I just recently bought those SmarTouch gloves (Love ’em! Thanks!), but if you are wearing different gloves, you could use the face unlock to open your phone. And then you could use Sonalight to control the phone from there! Right, Chris? :-)

  • lolobabes

    I thinks this article is wrong, he set the option so that he can unlock using a photo… Unless my eyes deceived me

  • derpydoo

    This is a “gee whiz” feature for fun, not security.  It provides slightly more security than just swipe to unlock.  If you need to secure your phone you use a PIN or a pattern.  This is just a way to show off neat tech tricks.

  • jjrudey


  • lamphan

    Everyone who does computer vision has already known this issue. Surprised when Google uses this method to secure our phones, really stupid!

  • Guest

    Still better than SIRI giving out all your info even when the phone is locked, lol.

    The funny thing is this video makes me want the phone even more!

  • cas_e

    Hmm to me it doesn’t seem surprising at all, and I don’t see why it’s a big deal. I don’t have a pin or unlock code on my phone just out of laziness to be honest, I’m just not that bothered. I’m looking forward to this feature because as the article says “It’s about quick and easy unlocking.” :)

  • Nudo

    This seems like a feature that they had to release just so people wouldn’t think Apple invented it when they come out with their ripoff in a year or two and call it “perfect” and “new” and all that other crap they lie about.

  • Nudo

    CHECK THIS OUT:  it is still “More Secure” than just slide-unlock, which I use now, and will switch to face unlock asap.  P.S. I hope we get this on the Nexus S update!