Google has ignited security concerns over the facial authentication system in its new Pixel 4 smartphone by admitting that it will unlock the device even when the user's eyes are shut.
Google unveiled the Pixel 4 this week to mostly positive reviews, many of which praised the phone for its super-fast new face unlock system, which replaces the fingerprint sensor and works much the same as Apple's Face ID on iPhones, except for one key security feature.
The BBC has discovered that the Pixel 4 can be unlocked even with the user's face even if they're sleeping (or pretending to be asleep). That contrasts with Apple's Face ID system, which engages by default an "Attention Aware" feature that requires the user's eyes to be open for the iPhone to be unlocked. Attention Aware can be disabled for convenience, but the Pixel 4 lacks an equivalent security feature entirely.
Proof, for those asking #madebygoogle #pixel4 pic.twitter.com/mBDJphVpfB — Chris Fox (@thisisFoxx) October 15, 2019
To its credit though, Google isn't hiding this fact. A Google support page reads: "Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag."
To "prepare for unsafe situations," Google recommends holding the power button for a couple of seconds and tapping Lockdown, which turns off notifications and face recognition unlocking.
In early leaks of the Pixel 4, screenshots revealed a "require eyes to be open" setting for face unlock, so it looks as if Google tried to implement a similar feature to Apple's Attention Aware, but couldn't get it working in time for the device's launch.
Speaking before the launch, Pixel product manager Sherry Lin said: "There are actually only two face [authorisation] solutions that meet the bar for being super-secure. So, you know, for payments, that level - it's ours and Apple's."
Cyber-security experts disagree.
"If someone can unlock your phone while you're asleep, it's a big security problem," security blogger Graham Cluley told the BBC. "Someone unauthorized - a child or partner? - could unlock the phone without your permission by putting it in front of your face while you're asleep."
In a statement given to the BBC, Google said it would "continue to improve Face Unlock over time."
Top Rated Comments
It’s why I keep choosing Apple. Whether anyone likes it or not they are *the* authority on smart phones, they singlehandedly created that market.
Like they can ALMOST fully mimic Face ID / Touch ID, but they lack something key that only Apple has.
That’s a fact. The competitors haven’t done anything compelling to make me switch from iOS / macOS / iPadOS etc. I don’t know what it would take haha, but I’ve seen nothing yet.
Always imitated, never duplicated.
Face ID, like Touch ID, is the epitome of Apple doing what it does best - take an emerging product category with a frustrating user experience and then proceed to deliver a polished product made possible by its control over both the hardware and software.
Apple then uses these refinements to justify their high price tags, and the profits that Apple reaps from selling these premium handsets go back towards further improving on and iterating these features. It doesn't take a genius to see how this results in a virtuous upward spiral for Apple.
Conversely, Android phones sport so many different forms of unlocking, and all of them seem quite half-baked, because there just isn't any incentive for any of them to do these features properly. The ROI just isn't there.