Not all smartphone face unlock features are created equal. Android has long had such a basic feature and so did Windows 10. Apple’s Face ID, however, introduced a new level of sophistication, not to mention marketing, that may have made consumers presume that every device advertising “face ID” features would offer the same security and accuracy. As the recent OnePlus 6 face unlock spoofing incident demonstrates, however, that’s definitely not the case. And, to be fair, that was never the case for OnePlus in the first place.
Unlocking smartphones or even laptops using faces have been around for quite a while now. Those used very basic hardware and software to detect a face. Apple’s Face ID raised the bar thanks to its 3D face mapping and advanced algorithms. Despite what the marketing says, however, few smartphones have yet to achieve that same effect.
The OnePlus 6 is definitely not one of them. With few exception, like Huawei’s or Samsung’s flagships, most smartphones, even high-end ones, don’t have the proper hardware to create a 3D map of your face or even distinguish a live face from a printed one. The latter is exactly what Twitter user @rikvdujin claimed to have accomplished by fooling the latest flagship killer with a simple photograph.
But before you bring out the pitchforks and light up the torches, OnePlus wants you to know that it isn’t a big deal. Even back in the OnePlus 5T, the company has been saying that its Face Unlock feature is made for convenience, not security. For operations that require more reliable biometrics, it will require fingerprints or passwords at least. Here’s the full statement given to phoneArena:
“We designed Face Unlock around convenience, and while we took corresponding measures to optimise its security we always recommended you use a password/PIN/fingerprint for security. For this reason Face Unlock is not enabled for any secure apps such as banking or payments. We’re constantly working to improve all of our technology, including Face Unlock.”
This is pretty much the same disclaimers that even the likes of Samsung make. Despite touting the speed and accuracy of its face and iris recognition features on the Galaxy S9, Samsung still doesn’t allow those to be used for secure transactions like mobile payments. Android users might not want to hear it, but it might be a while before they can have the same assurances as something like Face ID.