Youngsters! Pfft. They all look alike!
No, really, they do if you’re the Face ID facial recognition system in Apple’s iPhone X. Specifically, twins, siblings and look-alikes can trip false authentications. Growing kids, with their morphing faces, also baffle the biometric authentication.
Apple said so in a guide (PDF) about Face ID security that it published on Wednesday.
Overall, Face ID is pretty resistant to letting the wrong person log into your phone, Apple said. The possibility of a random person being able to unlock your phone by looking at it is about 1 in 1 million. Not bad, particularly when you compare it with Touch ID, which can be fooled approximately 1 in 50,000 times, Apple says.
But the odds go out the window once you throw in twins, siblings, pre-teens and evil doppelgängers. From Apple’s security guide:
The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed. If you’re concerned about this, we recommend using a passcode to authenticate.
Of course, you don’t have to use Face ID instead of a passcode. And as we noted recently when covering how features in the new iOS 11 will perhaps create fresh headaches for law enforcement, there are reasons why you might prefer to have your phone set up to require a passcode over a biometric sign-on.
Namely, the history of court decisions in the US has tended to lean toward granting Fifth Amendment protection against forcing people to give up their passcodes, given that a passcode is something you know, and the Fifth Amendment protects people from testifying against themselves.
Similar thinking has meant that biometrics, including Touch ID, involve something you are, not something you know, making it kosher to force unlocking with finger swipes as far as the courts are concerned. (N.B. There are court decisions and court actions that haven’t synced up with those interpretations, including the ex-cop who’s suspected of child abuse image trafficking, won’t or can’t give up his passcodes, and is being jailed indefinitely until he does.)
At any rate, even if you do opt to use Face ID – granted, it can be a time-saver if your passcode is as pleasingly plump and considerably complex as it really should be – there are plenty of times when you still have to use a passcode to authenticate on the iPhone X. In its attempt to clarify questions about the security around iPhone X, Apple says you’re required to use a passcode when…
- The device has just been turned on or restarted.
- The device hasn’t been unlocked for more than 48 hours.
- The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.
- The device has received a remote lock command.
- After five unsuccessful attempts to match a face.
- After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.
That’s a list worth paying attention to. Given the soaring rate of forced warrantless device searches at the US border, it’s good to know how to quickly turn off Face ID (though do bear in mind that US Customs and Border Patrol guards may not take kindly to a lack of cooperation).
According to Gadget Hack, which says it gets its info from Craig Federighi, Apple’s senior vice president of software engineering, to disable Face ID in a pinch, just grip the buttons on both sides of an iPhone X when handing it over to another person:
Since a screenshot uses the side button and volume up together, we can assume he means you’d need to press all three buttons – side, volume up, and volume down – simultaneously. We’re not sure how long they would have to be pressed, but it should not take very long since speed is necessary when handing your device over.
On all other iPhone models in iOS 11, press the power button 5 times in a row to activate Emergency SOS, which will quickly disable Touch ID until a passcode is entered.
At any rate, one of the major questions asked about iPhone X Face ID hasn’t been about kids or siblings, per se; rather, it’s about facial recognition algorithms that are trained by white people on mostly white faces. Facial recognition algorithms have hence been found to be less accurate at identifying black faces.
According to its security guide, Apple has taken that into account. The company says that its facial recognition neural networks have been trained with over a billion images, representing people from around the world who hail from different genders, ages, ethnicities, and other factors. The networks have also been designed to work with hats, scarves, glasses, contact lenses, and many sunglasses, be the faces indoors or outdoors, or even if they’re in complete darkness.
Apple says that it’s also devoted an additional neural network that’s specifically been trained to spot and resist spoofing attacks via photos or masks.
Those who are nervous about the privacy of their facial biometrics will be glad to hear that face data won’t be leaving the iPhone X. It won’t be backed up by iCloud, for instance, which is good to hear, given how Apple’s online backup is targeted by so many creeps who phish passcodes in an attempt to get at intimate material in iCloud.
From the security guide:
Face ID data doesn’t leave your device, and is never backed up to iCloud or anywhere else. Only in the case that you wish to provide Face ID diagnostic data to AppleCare for support will this information be transferred from your device.