When Phil Schiller of Apple introduced the public to the iPhone X’s Face ID, fanboys and enthusiasts of Apple have been very skeptical of the vulnerability of the security implementation. After questions from the press asking for more detail on how it works, Apple released an overview of six pages, going more in-depth on the in’s and out’s of Face ID, and the truth is not a good one.
This document explained to us that the Face ID is, in fact, more vulnerable than we were told. Back on September 12, when Phil told the viewers of the keynote to watch out if we have an evil twin, the crowd gave out a little chuckle. Not only is it that easy, but it is also possible for your sibling who is not a twin to unlock it as well.
Along with this, kids whose faces are not fully developed may have issues getting into their new iPhone using Face ID, thinning the demographic for who Apple’s flagship phone is for. Here’s an excerpt from the document: “The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed,” explains Apple. “If you’re concerned about this, we recommend using a passcode to authenticate.”
Now, I don’t know about many of you, but here’s something that I’ve been pondering for a couple weeks about the new face login: you can only log one face. Yes, this sounds stupid at first, but with my iPhone 7, I have logged fingerprints for a select group of trustworthy people that are always around me who sometimes need access to my phone. Instead of giving them the passcode, I give them Touch ID, so they can never go in and change my passcode and/or alter my Touch ID prints while still being able to get on my phone in a pinch.
With Face ID, if you want to have a backup protection so people that sometimes need to use your phone can do such, you will need to tell them your passcode, giving them full clearance to your phone. That seems a little too vulnerable for me, especially if I have people related to me accidentally getting into my phone with their face instead of mine. Now it can dictate whether it’s your face or someone holding a picture to you or a face mask, which is a little bit of an over-the-top scenario for me (I don’t see my boring information needing that much protection), but I’ll take what I can get.
For some, Face ID is a god sent; it gives you access to your phone without hitting a button (if you have raise-to-wake on) and will give you confidence that your face mask will not log someone onto your phone. Others, like me, are completely fine with hitting a button to log into their phone, and because your fingerprints aren’t able to change as often as your face is. All I know is that I do not feel like I am missing out when I skip this year’s line of iPhone’s for next year. Apple, please get your stuff together for next year.