New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Google Pixel 4's Face Unlock Feature Works With Eyes Closed, Sparking Security Concerns

Google has ignited security concerns over the facial authentication system in its new Pixel 4 smartphone by admitting that it will unlock the device even when the user's eyes are shut.


Google unveiled the Pixel 4 this week to mostly positive reviews, many of which praised the phone for its super-fast new face unlock system, which replaces the fingerprint sensor and works much the same as Apple's Face ID on iPhones, except for one key security feature.

The BBC has discovered that the Pixel 4 can be unlocked even with the user's face even if they're sleeping (or pretending to be asleep). That contrasts with Apple's Face ID system, which engages by default an "Attention Aware" feature that requires the user's eyes to be open for the iPhone to be unlocked. Attention Aware can be disabled for convenience, but the Pixel 4 lacks an equivalent security feature entirely.


To its credit though, Google isn't hiding this fact. A Google support page reads: "Your phone can also be unlocked by someone else if it's held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag."

To "prepare for unsafe situations," Google recommends holding the power button for a couple of seconds and tapping Lockdown, which turns off notifications and face recognition unlocking.

In early leaks of the Pixel 4, screenshots revealed a "require eyes to be open" setting for face unlock, so it looks as if Google tried to implement a similar feature to Apple's Attention Aware, but couldn't get it working in time for the device's launch.

Subscribe to the MacRumors YouTube channel for more videos.

Speaking before the launch, Pixel product manager Sherry Lin said: "There are actually only two face [authorisation] solutions that meet the bar for being super-secure. So, you know, for payments, that level - it's ours and Apple's."

Cyber-security experts disagree.

"If someone can unlock your phone while you're asleep, it's a big security problem," security blogger Graham Cluley told the BBC. "Someone unauthorized - a child or partner? - could unlock the phone without your permission by putting it in front of your face while you're asleep."

In a statement given to the BBC, Google said it would "continue to improve Face Unlock over time."

Top Rated Comments

(View all)

4 weeks ago
When FaceID was released it immediately put Apple 2-3 years ahead of everyone else. Leagues ahead.
It’s why I keep choosing Apple. Whether anyone likes it or not they are *the* authority on smart phones, they singlehandedly created that market.
Rating: 50 Votes
4 weeks ago
It’s interesting that Samsung and Google can copy Apple soooo closely, but pull up a little short.

Like they can ALMOST fully mimic Face ID / Touch ID, but they lack something key that only Apple has.
[automerge]1571396855[/automerge]


When FaceID was released it immediately put Apple 2-3 years ahead of everyone else. Leagues ahead.
It’s why I keep choosing Apple. Whether anyone likes it or not they are *the* authority on smart phones, they singlehandedly created that market.


That’s a fact. The competitors haven’t done anything compelling to make me switch from iOS / macOS / iPadOS etc. I don’t know what it would take haha, but I’ve seen nothing yet.
Rating: 26 Votes
4 weeks ago
Haters, face it (no pun intended). FaceID represents innovation. Just not flash (another pun not indended). That has always been apples strength.

Always imitated, never duplicated.
Rating: 23 Votes
4 weeks ago
I thought it would be just 1yr for everyone else to replicate the tech inside iPhoneX. But there are not much phones having face ID even after 2 yrs. Then I thought maybe not many are interested in that tech. But now I know, it must be gruesomely difficult and expensive. I mean, someone like Google trying and failing. Can't imagine plight of other small manufacturers.
Rating: 21 Votes
4 weeks ago


Most Android phone users really do not care about privacy, they are fine with Google spying on them and sharing their information, so to them, security is just a gimmick anyway.

I think it's more that they lack the resources to refine said feature to the extent that Apple does. Apple does one thing (ie: iPhone X lost Touch ID and gained Face ID), but does it well, and because of this, they went out of their way to really do Face ID properly and ensure it wasn't inferior, security-wise.

Face ID, like Touch ID, is the epitome of Apple doing what it does best - take an emerging product category with a frustrating user experience and then proceed to deliver a polished product made possible by its control over both the hardware and software.

Apple then uses these refinements to justify their high price tags, and the profits that Apple reaps from selling these premium handsets go back towards further improving on and iterating these features. It doesn't take a genius to see how this results in a virtuous upward spiral for Apple.

Conversely, Android phones sport so many different forms of unlocking, and all of them seem quite half-baked, because there just isn't any incentive for any of them to do these features properly. The ROI just isn't there.
Rating: 20 Votes
4 weeks ago


In all fairness, it isn't really a regression compared to fingerprint scanners which can also be used with a sleeping user.

What I really like on my Samsung phone is 2-level authentication. It comes with a feature called secure folder that can contain apps and data that is separately encrypted and can have different access security. I use this for my banking apps, and have a password on it instead of the fingerprint/PIN combo for my phone itself.

I don't think the pixel has this though. It's part of Samsung Knox.


Great work-around if you have a phone that can be compromised by a $1 screen protector.
Rating: 16 Votes
4 weeks ago
In all fairness, it isn't really a regression compared to fingerprint scanners which can also be used with a sleeping user.

What I really like on my Samsung phone is 2-level authentication. It comes with a feature called secure folder that can contain apps and data that is separately encrypted and can have different access security. I use this for my banking apps, and have a password on it instead of the fingerprint/PIN combo for my phone itself.

I don't think the pixel has this though. It's part of Samsung Knox.
Rating: 15 Votes
4 weeks ago
BuT iT's fASter tHaN tHe IphOne
Rating: 12 Votes
4 weeks ago
Is it just me or Pixel 4 is not very exciting?
Rating: 12 Votes
4 weeks ago


In all fairness, it isn't really a regression compared to fingerprint scanners which can also be used with a sleeping user.


This is the best point I've seen on the thread - no one seems to talk about this, yet always touts Touch ID's superiority to Face ID.
Rating: 12 Votes

[ Read All Comments ]