How Secure is Apple's FaceID on the iPhone X?

Apple unveiled its premium smartphone, the iPhone X, during their annual keynote on Tuesday. Perhaps the most intriguing and talked-about new feature is FaceID. Although Apple claims it’s more secure than TouchID, the new technology raises a lot of questions.

FaceID is an intriguing new feature that lets you unlock their iPhone with a simple gaze, after the operating system has learned what you look like. So how does it work? The iPhone X utilises various sensors at the same time, recognising your face with what Apple are calling the TrueDepth camera system. 30,000 invisible dots are beamed onto your face to build a face map, and the ‘flood illuminator’ helps confirm your face even in low light. Then, an infared camera reads the dot pattern, and sends the information to the iPhone’s A11 Bionic chip to process your face’s image and confirm it’s a match. FaceID replaces TouchID, since the iPhone X has no home button, and the data behind the FaceID lock will be encrypted like before. There isn’t really any reason not to use iPhone encryption – if your phone is lost or stolen, nobody will be able to access your data.

With FaceID, your face becomes your secure password – but is it safe? Apple claims that FaceID is more secure than TouchID, with a 1 in 1,000,000 chance of the system being fooled. There has been some concern that the technology could be tricked by a photograph, which isn’t entirely out of the question. Samsung’s latest smartphone, the Galaxy Note 8, also features a face scanner. However, a web developer, Mel Tajon, found that the sensor could be fooled using a photograph. Apple does seem to be positioning itself as the more secure handset with facial recognition with its depth sensing technology, but with little independent testing done so far, it’s difficult to know exactly how secure FaceID is. Apple claim that FaceID will be able to recognise the basic shape of your face, and will still work even if you grow a beard or change your hairstyle.

Like the data gathered from your fingerprints for TouchID, the data gathered from FaceID is stored on a secure enclave, which is basically like a separate, encrypted drive on your phone. But does this necessarily mean you’re facial data will be safe? Apple have announced that apps not made by Apple will be able to use FaceID, in the same way that TouchID is still used by many apps as authentication. How safe your data is hasn’t been disclosed by Apple yet, but could third parties collect your data via apps, perhaps to sell to advertisers. Then there’s the issue of thieves being able to unlock your iPhone simply by waving it in front of your face before running off with it. Apple says FaceID won’t work if the user has their eyes closed, but is it practical to close your eyes in lightning-fast situations like this?

Apple FaceID