16
Nov
image

One of the most interesting features in Ice Cream Sandwich is, without a doubt, the new Face Unlock that lets you unlock the phone using your face and the front-facing camera. Before we go any further, please read the following bullet points, as I'd like to clear a few things up:

  • The question of whether Face Unlock can be duped by a photo was raised by many almost immediately after the feature was announced, to which Google responded with "give us some credit".
  • The final verdict will be out only when we can test Face Unlock with actual production units - any results obtained before that are, well, preliminary. Still, they shouldn't be dismissed, as the software may not change. In fact, I have a feeling carriers will try to disable Face Unlock initially because it may seem too new and scary of a tech to them.
  • Face Unlock should not be treated as a secure feature - even Google warns you of that when you try to enable it. It's definitely not the panacea for all our security problems. While I realize this and wouldn't rely on Face Unlock to protect my super-secret CIA-issued EVO 8G, Google's initial, arguable cocky, response is what makes these reports particularly interesting. If they said a photo could trick Face Unlock right off the bat, people wouldn't have made such a big deal out of all these snafus.

The first major report of Face Unlock getting duped by a photo started circulating a few days ago, but many remained skeptical and suggested that the phone was originally programmed using the presenter's photo. Even after seeing the second video where we actually see him do it using his face, some of the skeptics insisted he could have reprogrammed it in the meantime, and therefore the test was not admissible.

Having looked at both the above video and the one you're about to see, I have a theory that Face Unlock struggles especially hard with photos that aren't printed, but rather shown using another device. In both cases, it's the Galaxy Note with a nicely sized screen that ends up duping it - perhaps an LCD display's contrast and brightness make it so much harder for Face Unlock that it can no longer distinguish photos from reality.

All caught up? Good - now watch this video where the presenter first programs the Nexus with his mug, then snaps a photo of himself using a Galaxy Note, and unlocks the Nexus in a flash, all in one video with no interruptions:

And there you have it - more evidence that Face Unlock is not quite there just yet. Will most people still use it? Probably. Is it a cause for concern? Perhaps. Should you, the consumer, be aware of it? Absolutely.

Thanks, Nick.

Artem Russakovskii
Artem is a die-hard Android fan, passionate tech blogger, obsessive-compulsive editor, bug hunting programmer, and the founder of Android Police.
Most of the time, you will find Artem either hacking away at code or thinking of the next 15 blog posts.

  • http://mobiletechview.blogspot.com John, Alabama

    I don't know that face unlock was intended to be completely secure. For the average user it is more than sufficient. Now I do agree that it needs to get more secure, but for average day to day things who is going to have your picture when they pick up your phone?

  • Wunako

    I dont see this as a huge issue at all. I think we all knew from the get-go that it was more of a gimmick then a actual full on security feature. Besides after Duarte couldnt show the full feature we all pretty much figured it was just gonna be something that we would run and brag about to anyone with a iPhone in a 10mi radius.

  • http://twitter.com/Sxeptomaniac Sxeptomaniac

    I'm baffled as to who would be skeptical of the claims that a photo could fool Face Unlock. I'd be amazed if a photo couldn't do that, as it would be some very impressive programming.

    • Franky

      I totally agree.

      Besides, what do those security-enthusiasts expect this to be? A freaking retina-scanner? Stay serious and bear in mind that it's still just a phone!

  • Bas

    Well you can use a photo as some sort of key.

    • GraveUypo

      oh yeah picture unlock. get a nice seemingly random pattern, print it and use that as a key instead of your face

      not sure that works tho.

  • Anil

    Meh, I dont think you can really fix this can you? only way would be to have face unlock then a pin/pattern > which thats makes it a bitch to get into! Seems like this is just some fancy feature that really is just useless but still sort of cool?

  • jgrizz

    Stopped at the 1:30 mark. That guy was ugly.

  • http://www.thegreenrobotblog.co.uk James

    This is a non-story (well, non-complaint)really. In both situations the user has taken a photo on another device in the same situation, so it's going to look very similar. Could you do it with a random picure nicked off Facebook? That would be a better test.
    And in any case- it's not *meant* to be secure. It's more secure than "swipe to unlock" FFS.
    I'm looking forward to playing with the option - oh, and it needs to be fairly "loose" otherwise it wouldn't recognise you 80% of the time!

    • Brendon

      You probably could, the face unlock was meant to be extremely speedy. In some cases it recognizes your face even when out of frame.

    • http://twitter.com/aslack12 Austin

      Seems like Android Police have had a lot of non-stories lately.

  • Justin

    Now we just need 3D front facing cameras. Then we have to hope no one has a 3D photo of us...

    • Kree Terry

      thats kinda what i was thinking, or maybe using a panaroma of you face . idk how it would work, and it could still be foiled pretty easy. but just a thought

  • Aaron

    People keep misunderstanding the purpose of this feature. It isn't for security, IT IS FOR CONVENIENCE! The purpose of the lockscreen is so that the phone doesn't come unlocked in your pocket or when its not intended to. This way, you don't even half to touch the screen, making it simpler and quicker. PIN and pattern unlock is still available for higher security, this is just designed to be quicker and easier than the drag.

    • george

      um since when can android touch screens be unlocked in your pocket? It doesnt work with pressure

      • Mike Saunders

        He said the purpose of a lockscreen is so that it doesn't come unlocked. As opposed to just clicking the physical button that can cause the phone to come unlocked.

      • Seth

        I tried having my lockscreen off for a week or so. Since I keep my phone in my pocket, I found that I could accidentally launch random actions just in the process of taking it out of my pocket. Part of the problem is that the power button sticks out, but I turned the lockscreen back on because the (very minimal) time saved didn't make up for the problems caused.

  • jim

    cool but i can't wait to utilize this feature. most who find you lost phone won't have a picture of you.

  • Kyle

    Don't see the real big deal here. I'm still going to use face unlock on my phone since it's a pretty cool feature. Like someone will have a picture of me on hand to unlock my phone if I misplace it.

  • kam

    Non-issues to me. I generally do not put security protection on my phone because it's always next to me or in my pants. but however, for my tablet, and i hope ICS rolls out to the Xoom fast, i generally leave that in the open more often. But for a stranger to randomly pick up the phone and face unlock it, they would need to know who the phone belongs to first.

  • Peter Van

    Matias Duarte was a guest on the first episode of On The Verge and Joshua asked him about it. Basically his response was that it's meant for if you forget your phone somewhere, you can "silver bullet" (aka wipe) the phone later.

    It's not meant for your friends who happen to have your physical picture/picture on their phone to pick it up, fool your phone, then do stuff to it.

    It's meant as a security for a random person to pick up your phone.

  • http://www.thepixelpuse.com aj

    I'm not worried about this at all. The odds that some stranger has a good enough pic of your face to unlock your phone after he steals it and just happens to know that the specific phone he's about to steal has a face unlock feature that may or may not be activated ont the device, are crazy slim. Also, I don't leave my phone sitting out in bars or anything, it's almost always on my person as they say, so this is totally a non issue to me. Those guys in the video were extremely enthusiastic though! A little annoying, but also kind of refreshing to see people getting excited over tech.

  • http://codytoombs.wordpress.com Cody

    I'm getting a bit annoyed with the fact people are still arguing about this at all. I predicted from the start that this wasn't going to be a secure method of protection (though, I suggested that social network pictures would likely be the source of most "hacking"). Well, obviously it's going to work this way, and I don't see why people expected otherwise, and worse, that many people refuse to believe it still. People are acting like Google failed miserably with this feature, which is ridiculous. This feature is just a stop-gap protection method that will slow down people that want into your phone, not actually stop them (unless it's a thief that doesn't know you). Frankly, most of the people I know that use pattern or PIN unlock methods aren't that secretive with those, so I could get into at least half of their phones anyway...and that's how this method should be seen too.

  • robert

    Lmfao imagine if they try to rob your phone and then try to take a picture so they could unlock it. Stupid like he's gonna look for you on fb so they could unlock it

  • http://www.sassy-sweet.com Keith Smith

    It is very useful if you lose your phone somewhere in public. Everyone seems to be thinking people are going to be carrying around a picture of them to unlock. Think about it. If you are at home then your family member can unlock it. That's about it.

  • Chris

    Sigh. And if you are STILL not convinced, here is Matias Duarte personally stating that it was designed like this, look around the 26-29 minute marker. http://www.youtube.com/watch?feature=player_embedded&v=5K4HImSqR1k

    Please, these discussions are tedious, stop them.

  • Paul

    Think about the most common situation. You leave your phone at the restaurant and a stranger picks it up and tries to use it. They're not going to have a photo of you, they don't even know you.

    It's just a convenient quick security method that's least secure but not completely useless. Google put a warning when you select it that it's the least secure, done, end of story. If a user complains about how easy it is to bypass, by friends/family/coworker/somebody who knows you and has a photo of you, Google simply has to say "look, we told you it's the least secure". But if a stranger/thief/etc. get ahold of your phone, without knowledge of you or much less a photo of you, it'll be protected.

    I'd be more interested in seeing how easy it is to fool with generic photographs. Could you turn it on, set it in front of a computer with a slideshow of a thousand various faces of all shapes/sizes/colors. The computer slideshows through the photo's and would one of them eventually unlock the phone even though it's not the 'real' face of the owner?

  • level380

    who records a video on the first take for a feature his never used before, I smell fud and someone wanting to get some video views on youtube.

    The phone left the video in the middle...... while he was getting his note out. Its still hard to say if this has been faked or not. The guy could have had two nexus devices etc.

    • Calvin

      level380 +5 to you
      unless the Galaxy nexus witch he used to show that he can fool it stays in the camera view at all times (tho it did not) how can one say he did not have two phones one pre set up with a galaxy note pic, and one last thing that's being over looked is the fact that the pic on the note has nothing in the background unlike when he set up the nexus, this make me say (IMO) Fake!

      • http://codytoombs.wordpress.com Cody

        Calvin, I suspect you believe the "Female Orgasm" is also fake because it's never been seen either, right?

        Misspelling and poor sentence structure aside, the thing is that you're arguing the guy is faking the MORE LIKELY scenario. I admit, even in watching the video I thought a couple of the same things, especially wondering why the Nexus spent so much time off screen and specifically why it would end up almost out of reach...and then I realized that it's pretty irrelevant given that there's just no good reason to doubt the findings. It's not a 3d camera, it's not hooked to ADB and it's clearly unlocking without a moving picture, so the only options left are to believe in the validity of the story or to throw reality out completely.

  • LAmDroid

    what if I pick my nose with the face capture? ..
    who would have a picture of me picking my nose?

    • http://codytoombs.wordpress.com Cody

      Do you want to pick your nose every time you want to use your phone? :)

      And people complained about getting fingerprints on their phones in normal circumstances...you will be screwed ;)

  • http://droidsamurai.blogspot.com PixelSlave

    It's no more secure than using a pattern but left a trail of your greasy finger on your phone's screen.

  • Freak4Dell

    I didn't see this as a security feature in the first place. It's just a cool new way to unlock your phone. I personally don't have any sort of lock on my phone aside from the standard lock screen. Why? Because I have my phone in my hands, in my pocket, or right in front of me on the tablet at all times, unless I'm at home (in which case I'll leave it in various places). I feel naked if I start walking and it's not on my person, so I'd instantly notice not having it, and go back for it (and remote wipe if necessary).

  • mostlyDigital

    It's safe enough if someone finds your phone. My concern is that if you're detained by police they can unlock your phone by waving it in front of your face.

  • Eggcake

    First of all - wasn't there a more secure option you could select in the settings? Not sure if I remember this correctly.

    I think it is safe enough. It's as safe as a 4-digit PIN code IMHO. I use a pattern on my android device - because it's convenient. The main reason I lock my phone is that you can't easily read and access my messages and mail account. Or that my friends don't mess with my alarm clock when I leave my phone on the table ;)
    I don't expect that the pattern secures my phone completely. The thing is rooted and you can access the SD card and the NAND very easily. So why on earth would I even THINK my information is secured on my phone?!?!

    The PIN, Pattern and Face Unlock is an easy way to "lock" the phone, nothing more.

    It's the same with laptops. Everyone uses passwords on their windows machines. Well great, and how exactly does this secure your data if someone gets access to your laptop?

    • http://twitter.com/Sxeptomaniac Sxeptomaniac

      It's all about levels of security. It's important to be aware that every bit of security you use has its limitations. The point isn't to make it fool-proof, but to make it more difficult to get the data than it's worth.

      If you're looking for the best security possible, then encryption is the way to go. It's the only way to make it difficult for a person with physical access to the device to steal data. It's more than I need on my phone, but I use it on my laptop.

  • abc123

    It's easy to make face unlock more secure.
    As with a static picture, your face doesn't change. Your eyes don't move, your lips don't move, etc. etc.
    In real life, when you look at the camera, you eyes will most likely move and maybe some other part of your face as well.
    The software just needs to wait for this movement. I'm almost 100% positive that after 5 seconds and the phone hasn't unlocked itself, you will have moved your eyes to see what the hell is going on.
    What google needs to do is that when they train the face unlock, you MUST look directly at the camera. Then during the face unlock, you must also look directly at the camera. Chances are, after a couple of seconds, you will have moved your eyes to the picture of yourself on the screen... then bingo... facial movement.
    To make it even more secure. In addition to recognizing your face, you could also program a sequence of predefined facial expressions... similar to pattern unlock but with facial expressions. So for example, you could have crossed-eyed, frown, wide open mouth, tongue out.... LOL.

    • Edd

      What impressed me in the vid was how quickly the phone unlocked. What you're suggesting, although I get the point, would be an absolute hassle day-to-day.

      I honestly see this as a great light-weight security system, and if people need more, then PINs and what-not are required (or retinal scans :))

  • taylord

    relying on face unlock to keep your phone secure is like relying on siri to call an ambulance for you. it's a novelty, a cool one at that. I doubt that I'll even have it enabled most of the time, but it's a neat thing to have and/or show off.

  • Wyatt

    Really!?! That is your concern? If that is the case you have bigger problems than whether someone can unlock your phone.

  • Dennis

    Moto Atrix fingerprint scanner FTW