Apple introduced its new iPhones this week: iPhone 8, iPhone 8 Plus — and iPhone X. While the first two phones are more typical iterations of prior models, iPhone X is a leap forward. That leap forward comes with a higher price tag, and a new way of unlocking the iPhone: Face ID.
Unlike the fingerprint reader found in other new iPhones and other smartphones, Face ID uses technology to unlock the phone by authenticating your face. It is designed to only become unlocked when the user is looking at the iPhone X with their eyes open. Of course, this brings up a number of security questions.
How Does It Work?
Face ID works using Apple’s new TrueDepth camera system. The system uses an infrared camera, flood illuminator (to identify your face when it’s dark), and a dot projector (which creates your unique facial map). The tech is designed to identify your face in a near instant.
As in the case of Touch ID’s fingerprints, iPhone X does not store your facial map in iCloud. Instead, the facial map is stored on the phone itself, in the encrypted and protected Secure Enclave.
Face unlocking technology is not new in the smartphone space, as a number of other phones have used it before — face unlocking first turned up on Android phones in 2011. As you might expect, though, Apple is doing it differently. Apple’s system is designed to be both fast and secure, while Android phones have offered face unlocking mainly for convenience, not security. (Samsung has since started using iris scanning technology for security reasons.)
Who Has Access To Face Data?
Apple has noted that Face ID can be used for Apple Pay and third-party apps, just like Touch ID. As mentioned, the facial map will only be stored on a user’s iPhone itself — the phone will essentially tell a third-party app whether the facial unlock was accepted, without giving the third party access — though people still have concerns. U.S. Senator Al Franken recently wrote a letter to Apple CEO Tim Cook asking for more information on the technology.
Among other questions, Franken wants to know if there’s a way for “either Apple or a third party to extract and obtain usable faceprint data from the iPhone X.” Additionally, the Minnesota senator asks if Apple can “assure its users that it will never share faceprint data” with any third party. If designed as advertised, not even Apple will have access to the data, as it will only be stored and read on the user’s phone.
Is It Hackable?
It’s virtually impossible at this point to make a biometric system that’s completely “unhackable,” but Apple is doing all it can. Apple claims its system can’t be hacked by photographs of your face, and the company’s keynote even showed a number of photorealistic masks that allegedly could not fool the system. Apple also said that while 1 in 50,000 people has a chance of cracking your Touch ID with their own fingerprint, the chance of a random person unlocking your iPhone X with Face ID is 1 in 1,000,000.
The company did note, however, that your closest relatives would likely have an easier time fooling the system. Identical twins in particular shouldn’t consider the system to be completely safe, for obvious reasons.
How Well Will It Work?
As with any new tech product, we’re not really going to know how well Face ID works until people are out in the real world, using iPhone X in real situations. There are justifiable concerns about ergonomic considerations — will users have to hold their phones and faces in a way that makes it too awkward for easy use? How well will Apple’s neural engine really be able to adjust to user’s facial changes: sunglasses, haircuts, beards, scars, and more? And will it be easy for law enforcement to force people to unlock their iPhones with their faces?
Apple does have a good track record on this sort of thing — there have been relatively few complaints about Touch ID, especially as it’s become more refined over time. Time will tell if Face ID will be accepted and appreciated in the same way. (And of course, you can still use a passcode.) Apple is due to start shipping iPhone X on Nov. 3.