Google has ignited security concerns over the facial authentication system in its new Pixel 4 smartphone by admitting that it will unlock the device even when the user's eyes are shut.
Google unveiled the Pixel 4 this week to mostly positive reviews, many of which praised the phone for its super-fast new face unlock system, which replaces the fingerprint sensor and works much the same as Apple's Face ID on iPhones, except for one key security feature.
The BBC has discovered that the Pixel 4 can be unlocked with the user's face even if they're sleeping (or pretending to be asleep). That contrasts with Apple's Face ID system, which engages by default an "Attention Aware" feature that requires the user's eyes to be open for the iPhone to be unlocked. Attention Aware can be disabled for convenience, but the Pixel 4 lacks an equivalent security feature entirely.
Proof, for those asking #madebygoogle #pixel4 pic.twitter.com/mBDJphVpfB — Chris Fox (@thisisFoxx) October 15, 2019
To its credit though, Google isn't hiding this fact. A Google support page reads: "Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag."
To "prepare for unsafe situations," Google recommends holding the power button for a couple of seconds and tapping Lockdown, which turns off notifications and face recognition unlocking.
In early leaks of the Pixel 4, screenshots revealed a "require eyes to be open" setting for face unlock, so it looks as if Google tried to implement a similar feature to Apple's Attention Aware, but couldn't get it working in time for the device's launch.
Speaking before the launch, Pixel product manager Sherry Lin said: "There are actually only two face [authorisation] solutions that meet the bar for being super-secure. So, you know, for payments, that level - it's ours and Apple's."
Cyber-security experts disagree.
"If someone can unlock your phone while you're asleep, it's a big security problem," security blogger Graham Cluley told the BBC. "Someone unauthorized - a child or partner? - could unlock the phone without your permission by putting it in front of your face while you're asleep."
In a statement given to the BBC, Google said it would "continue to improve Face Unlock over time."
Top Rated Comments
It’s why I keep choosing Apple. Whether anyone likes it or not they are *the* authority on smart phones, they singlehandedly created that market.
Like they can ALMOST fully mimic Face ID / Touch ID, but they lack something key that only Apple has.
That’s a fact. The competitors haven’t done anything compelling to make me switch from iOS / macOS / iPadOS etc. I don’t know what it would take haha, but I’ve seen nothing yet. When FaceID was released it immediately put Apple 2-3 years ahead of everyone else. Leagues ahead.
It’s why I keep choosing Apple. Whether anyone likes it or not they are *the* authority on smart phones, they singlehandedly created that market.
Always imitated, never duplicated.
I think it's more that they lack the resources to refine said feature to the extent that Apple does. Apple does one thing (ie: iPhone X lost Touch ID and gained Face ID), but does it well, and because of this, they went out of their way to really do Face ID properly and ensure it wasn't inferior, security-wise. Most Android phone users really do not care about privacy, they are fine with Google spying on them and sharing their information, so to them, security is just a gimmick anyway.
Face ID, like Touch ID, is the epitome of Apple doing what it does best - take an emerging product category with a frustrating user experience and then proceed to deliver a polished product made possible by its control over both the hardware and software.
Apple then uses these refinements to justify their high price tags, and the profits that Apple reaps from selling these premium handsets go back towards further improving on and iterating these features. It doesn't take a genius to see how this results in a virtuous upward spiral for Apple.
Conversely, Android phones sport so many different forms of unlocking, and all of them seem quite half-baked, because there just isn't any incentive for any of them to do these features properly. The ROI just isn't there.
Great work-around if you have a phone that can be compromised by a $1 screen protector. In all fairness, it isn't really a regression compared to fingerprint scanners which can also be used with a sleeping user.
What I really like on my Samsung phone is 2-level authentication. It comes with a feature called secure folder that can contain apps and data that is separately encrypted and can have different access security. I use this for my banking apps, and have a password on it instead of the fingerprint/PIN combo for my phone itself.
I don't think the Pixel has this though. It's part of Samsung Knox.