Scanning your fingerprint or iris has been a game-changer when it comes to mobile phone security and accessing sensitive apps. However, using facial recognition as an alternative security option is definitely not a good idea, so says Max Eddy, a PCnet security expert.
Facing up to flaws
Not being able to show what you actually intend to do is the biggest flaw with using facial recognition for security. Being able to unlock a phone even when your eyes are closed doesn’t seem like the safest security system ever designed, yet it’s an issue that’s been recently reported on the Pixel 4 from Google. Whether you’re sleeping, knocked out, or outright dead, Google is still cool with knowing that it’s you wanting to unlock your phone, apparently.
Ever had a child waft your phone in your face demanding to watch videos or play games? Well, if it’s a Google phone, their documentation says that it’s going to unlock whether it’s your intention or not. “Looking at your phone can unlock it even when you don’t intend to,” according to Google’s own site. Things don’t look too safe for twins or those with a doppelganger either – anyone who looks a lot like you will probably be able to crack your Pixel 4. From the horse’s mouth: “Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed.”
It’s not just a Google issue. Even though you definitely need your eyes open for FaceID on Apple phones, the fundamental issue remains: wherever your face and your phone are, it can be unlocked and used.
Apple has done something to address this issue of whether you’ve actually intended to show your face when using FaceID for Apple Pay. The process to make a payment at the moment is to show your face and then double-tap the lock button. One of these steps could easily be done by accident; you look at your phone without thinking, or you tap the lock button by accident. The chances of doing these actions in the right order, whilst in the process of using Apple Pay are pretty slim.
You looking at me?
Eddy also says that using facial recognition, when compared to other biometrics, is a much scarier proposition. The example he gives is if the police are hunting for a suspect and they only have a fingerprint to go off. They walk into a room and start testing everyone’s fingerprints; those in the room know they’re under suspicion and they can act accordingly whilst the tedious checks are undertaken.
If, instead, the police have a photo and are using facial recognition in their investigation. Without anyone in a room knowing, their faces can be scanned with a discreetly placed camera and some software. Not only is everyone being checked without their knowledge or permission, but behavior and associations can also be monitored in an underhand way.
Although this may not be widespread yet, there is another negative element of facial recognition that’s already being rolled out. In China, police have been given glasses fitted with face identification technology that are designed to find a target person within a large group. In the UK there is an extensive system of surveillance cameras and artificial intelligence is able to use video to match images to faces. Google Photos is also more than capable that with minimal data inputs it can recognize people at all stages of their life. Even in the US, faces are scanned in airports for people flying internationally. The company Ring is working to partner its doorbell-cum-camera invention to police agencies, meaning the authorities could soon be asking citizens for their recorded footage. This is the direction of travel in the field of facial recognition, and it could very well be dangerous.
The bastion of internet privacy – insert upside-down smiley – Facebook, has already blazed trails with facial recognition. It’s recently discussed an app that would have allowed you to scan anyone’s face and identify them with a quick flash of your phone. It’s not a million miles away from them finding your face in pictures and videos as it has been doing for quite some time. Your face data is valuable, and there is a growing number of companies and institutions ready to use it.
As innocuous as FaceID and Face Unlock my feel, Eddy points out that they could be merely a way of normalizing facial scanning. This isn’t something he thinks any of us should get comfortable with.
Biometrics Are Good, Actually
As many ways to get it wrong as there are with biometrics, plenty of companies using the tech are working well to avoid errors. As flawed as the actual use of biometrics is, both Apple and Google have gone to great lengths to ensure the data is secured through abstraction, so at least the information can’t be maliciously extracted and abused – the worst-case scenario.
Even though it’s a lot easier for legal bodies to force you to submit to a biometric scan than to force you to hand over a password, both companies have built-in safeguards. There’s the option to block biometric scanning options for a time period you choose, and this will then force a traditional password request, which is logistically a lot tougher to be compelled to provide.
Even with all the concerns he goes through, Eddy is still generally pro biometrics. A big plus is how much easier they are to use rather than strong passwords, evidenced by the plethora of password manager apps out there. PINs are easy for nefarious people to guess, they’re basically really awful passwords, and ripe to be replaced by biometrics. With the new, easy security it means devices are actually being locked and that keeps everything stored within more secure and encrypted. In the bigger picture, biometrics have made everything safer and more private.
Just because something is an innovation doesn’t mean it’s an improvement. Fingerprint readers, that first debuted on iPhones and are now pretty much ubiquitous, were an elegant solution to the security issue. It’s not easy to unlock by accident, there has to be a clear intention to use it, and it’s inherently secure. So why did the smartphone industry move away from them? There’s no answer forthcoming, but Eddy suspects edge-to-edge screens have played a big part in it.
The answer to bringing biometrics along into an all-screen world isn’t obvious yet, but face scanners definitely aren’t the direction to be going in says the expert.