Google has admitted that the Face Unlock feature in its new version of Android could be fooled by a photo of the user, telling SlashGear that the security system is still in its early stages. The Ice Cream Sandwich feature - which logs into an Android 4.0 device by recognizing a pre-registered face, rather than using a PIN code or other credentials - struggled to recognize Google head of user experience Matias Duarte under the keynote lighting earlier this week, but could, we're told, still be convinced by a snapshot.
Google acquired the facial recognition technology used in Face Unlock when it bought PittPatt earlier this year, a startup that was spun out of Carnegie Mellon University. The recognition engine they developed consists of "tools to search images for faces, determine if faces are the same person, track faces in video sequences, and pinpoint constituent landmarks in faces using a straightforward C-language interface" and has already been used to mine Facebook profiles in third-party research.
"[Face Unlock] will only get better" we were told by a Google representative when we questioned the potential for fooling the system with a still image. Using a photograph to unofficially log in "might work" they conceded, but only because the technology is still relatively young.
Android 4.0 Ice Cream Sandwich demo:
Still, while Google is undoubtedly refining its recognition engine, it's a potentially embarrassing hiccup in the new Android platform. Google isn't the only one to come in for great attention over possible security flaws: earlier today, researchers criticized Apple's Siri voice recognition system because, by default, it can be accessed even when the iPhone 4S is PIN-locked, giving anybody who picks the phone up the ability to send messages and use its other features.
Update: It's worth noting that another Google Androider, Tim Bray, has previously said that Face Unlock should be able to differentiate between a photo and a real person.
Samsung Galaxy Nexus hands-on: