Facial recognition on Android isn't the most robust method of securing your phone; it even says as much when you set it up. It shouldn't be very surprising, then, that it can be fooled by what is probably the least likely thing someone trying to get into your device will have access to: a lifelike, 3D-printed replica of your head.
Forbes tested facial recognition unlock methods against a creepy 3D-printed head on a handful of devices: OnePlus 6, both Samsung's Galaxy S9 and Note 8, the LG G7 ThinQ, and the iPhone X. Of the five, only Apple's was able to detect that it wasn't looking at the genuine article.
So what does this tell us about device security? Well, nothing, really. Forbes's test used a custom-made, £300 facsimile of a noggin, painted to look real — which is a thing literally nobody trying to get at your data would have. Besides, we already know that Apple's Face ID is superior to similar systems on many Android phones; the OnePlus 6 can be tricked into unlocking by a black and white photograph.
Convenience always comes at the expense of security. A strong 30-character password would be nearly impossible for a phone thief to guess, but it makes using your device a pain. Fingerprint or face unlock are a lot quicker, but in principle, easier to bypass — but they're probably good enough for most people.
Just as a precaution, if you've got a hyper-realistic sculpture of your own head in the house, maybe don't keep it next to your phone.