It seems that we hear a “controversy” about this a few times a year. X device launches and advertises face unlock, but it only has a single front-facing camera without any of the fancy sensors that the iPhone X launched with. Suddenly people are freaking out because the technology was fooled by a photograph or video of the person.
But that’s the nature of basic face unlock, and it’s been this way since the feature was introduced way back with the Galaxy Nexus. It only uses a basic photo of you and matches whatever the simple front-facing camera sees to the photo stored in the device. It can’t see in 3D, it can’t map the intricacies of your face; it can only match the 2D image it sees to the 2D image it saw before.
This makes it inherently insecure. You hold up a photo to a device with this kind of face unlock and of course it will unlock the device. How can a front-facing camera tell the difference between a person and a photo? It can’t.
This is where Apple went with a different route. That massive controversial notch not only contains a front facing camera, but also an IR flood illuminator, IR camera, and a dot projector. The dot projector projects 30,000 dots across your face to build a map of your facial structure, while the IR system can see far more detail (this is what Microsoft uses for Windows Hello). This whole system works together to map your face in 3D, giving you a security system that can’t be easily fooled. In fact, an amateur will never be able to fool Apple’s Face ID.
Yes, there are a few devices that have the same feature set on the Android side, such as the Huawei Mate 20 Pro (hence the same massive notch as the iPhone X) and then there’s the LG G8 with its secondary front-facing ToF camera which creates 3D mapping data without the need for the dot projector, but most Android phones just use a single camera. Does this make face unlock a bad feature? Absolutely not.
Face unlock is a convenient way to unlock your device without hitting the fingerprint sensor or even pressing a button. Many devices will turn on when lifted and unlock without so much as a swipe. It’ll also keep the average person out, especially when someone steals your phone. It won’t keep someone out if they really want to get into your phone, but this low security method still has some security behind it. And if you’re really worried about security, just use the fingerprint sensor (if your phone has one). That’s an actual biometric security feature.
So stop being surprised every time a new phone like the Galaxy S10 has its face unlock fooled by a photo. This has been happening for almost eight years and will happen again and again with every new phone released. And yet people will freak out, and people will start posting on the internet that it’s a major security flaw. Be smart about your smartphone security, and choose a security method as strong as your use case requires. Face unlock is a perfectly good system as long as you don’t have arch enemies or company secrets on your phone. And if you do, you only have yourself to blame for someone getting into your shiny new S10 with a photo of you from Instagram.