Face Off: Will iPhone X and Face ID Revolutionize Biometric Security?
Face Off: Will iPhone X and Face ID Revolutionize Biometric Security?
Every September, I find myself glued to a monitor for Apple’s yearly presentation to unveil the newest iPhone. Call me whatever you’d like; fanboy, diehard or sucker, I enjoy seeing the latest and greatest from the tech giant.
Some years, updates to the iPhone are things I feel I can live without. Better cameras, faster speeds and flashy new colors are features that I usually feel don’t warrant an upgrade all on their own. However, this year’s announcement of the iPhone X had me wanting a new phone like never before. Today I’ll be discussing what I think is the standout feature of the new iPhone and why I think it’s going to revolutionize biometric security on devices.
Defining Mobile Phones
In 2007, Apple revolutionized the mobile phone and changed the entire industry forever with the original iPhone. It was expensive, tied to a single network and a complete walled garden when it came to software and hardware. However, it would set the standard for mobile phones for the next decade.
Opponents of the iPhone were around even before the phone had been announced and that trend continues to this day. Whether it’s dislike for the device or the company itself, there’s never a shortage of people pointing out what they dislike about the new iPhone or which device had the same technology before Apple.
I’m not arguing that the iPhone or any of its features have been the first of their kind, but I will say that once a feature or change comes to the iPhone, it tends to become the mainstream in the industry. A great example of this is all the hate that Apple weathered after removing the headphone jack to make space for other components, starting with the iPhone 7.
As soon as the iPhone 7 was announced, people were crying from the rooftops that removing the headphone jack was the worst thing for a phone manufacturer to do. With one fell swoop, Apple had taken away the ability for a user to plug in any device with the ubiquitous 1/8” jack. Not only that, but Apple’s Head of Marketing Phil Schiller was endlessly ridiculed for stating their reason for removing the headphone jack was “courage.”
However, I’d like to draw your attention to the announcement and launch of a brand new phone this year by one of Apple’s competitors, Google. The Pixel 2 was announced in early October and everyone was a bit taken aback by a design choice Google made for their newest device. You guessed it, they removed the headphone jack.
My point with this example is to illustrate something that happens with Apple products. Occasionally, Apple will remove or add features that may seem counter intuitive at the time. Sometimes these features seem like a great idea and sometimes they’re a head scratcher. (Like a single USB-C port on a “Pro” laptop.) However, more often than not, they’re features that are here to stay, like it or not. That brings me to one of the more controversial features of the new iPhone X, Face ID.
Beginning with the iPhone 5S, Apple introduced us to Touch ID, a biometric security feature that allowed a user’s fingerprint to unlock the phone. Many users, myself included, didn’t lock their iPhones prior to the introduction of Touch ID. I considered it too much of a time waste to swipe my lock screen and enter a passcode to unlock my phone. However, with Touch ID, I only had to put my thumb on the home button to unlock the device.
Over the next few years, users began storing more and more important information on their phones and protecting that information using Touch ID. In fact, it was now considered odd to not lock your phone, especially with how easy Touch ID was to use. It definitely wasn’t as fast as just swiping your lock screen with no password, but it was what I considered an acceptable delay to keep my information private.
The announcement of the iPhone X saw the complete removal of the Home Button and the dawn of Apple’s newest biometric security feature, Face ID. No longer do you need to rest your finger on a button to open your phone, you can just raise the phone to your face and swipe up. Apple’s keynote announcement wasn’t even finished before articles and comments were being published citing security concerns with this new technology. After all, other companies had tried facial recognition technology before, with mostly poor results.
However, unlike some of the skeptics, I was extremely excited for Face ID; especially after I did some digging into how the technology actually worked.
The Secure Enclave
One of the most popular arguments you’ll hear against facial recognition technology is not wanting to provide facial data to a device, or more specifically to the company behind that device. Strapping on our medium-sized tin foil hats for just a second, it would be easy to see how uploading thousands of images including your face could allow a company or government to build a substantial facial recognition database. Might make you think twice before uploading that cute snapchat selfie next time.
However, Apple runs their authentication a bit differently using what they call the Secure Enclave. Without getting too technical, this security feature means that the authentication is all performed on the device itself and that no information is sent to a server. So what this means is that when your new iPhone X is scanning your face to unlock the device or authenticate a payment, the information is being encrypted and transmitted to and from the processor directly on the device.
Now, all of this is predicated on the belief that Apple isn’t secretly uploading this information through some sort of backdoor. However, Apple’s had a pretty good track record when it comes to security, including their recent refusal to create a master key for iOS devices.
From A Touch to A Look
With Touch ID, Apple’s statistics showed that there was a 1 in 50,000 chance that someone other than you could unlock your device using Touch ID. That means their information showed that 1 in 50,000 people had a fingerprint enough like yours to “fool” the device into thinking it was you. That might sound like a pretty small chance, but with almost 7 billion people on Earth, that means 140,000 people could potentially unlock your phone.
Face ID improves that number dramatically, with only 1 in 1,000,000 people having a face similar enough to yours to unlock the phone using Face ID. That drops that 140,000 people down to 7,000. However, there’s a specific case where the odds of one of those 7,000 people being around you grows and that’s twins. Multiple tests have shown that identical twins may be able to unlock an iPhone with Face ID and it’s even something that Apple mentioned in their keynote. So if you’re a twin, you may want to consider just using a numerical passcode.
TrueDepth and Attention Detection
Face ID doesn’t work like many think it would, in that it doesn’t just simply take a photo of your face to authenticate. The infrared TrueDepth Camera system uses a dot projector to display a grid of thousands of dots onto your face and based on the pattern of the dots, the system can mathematically calculate whether or not it’s you or someone else. In addition to being a super cool way of mapping your face, it also means that the phone can authenticate you no matter what the lighting conditions are, or whether there’s light at all.
This means that simply holding up a photo of your face won’t fool the system into unlocking. In fact, Apple even claims to have done testing with some of the best Hollywood mask makers to produce 3D masks of people’s faces. In the end, the phone was still able to determine that it was a fake.
In addition to the TrueDepth system, Apple has also provided a feature called Attention Awareness. This simply means that if you’re not looking directly at the phone when it’s authenticating, it won’t unlock. So you can sleep soundly, knowing that someone can’t simply point your phone at your face while you’re snoring away and gain access to your device. This feature can be disabled however, meaning the phone will unlock simply upon recognizing your face.
Face ID in Practice
So now that we’ve got an understanding of the security of Face ID, let’s talk about the actual use of it. I’ve had my iPhone X for almost 72 hours now and I couldn’t be more impressed with Face ID as a technology. Now that I have the feature, I can’t imagine using an iPhone without it. There are a number of subtle things you notice when using Face ID and the first one is how unobtrusive it is.
Several features, when paired with Face ID, make unlocking the iPhone X a speedy and intuitive task. With Raise to Wake, the phone’s screen turns on whenever the motion processor senses you’ve raised the phone up. From there, you can swipe up on the lock screen to indicate to the phone you’d like to unlock the phone.
However, before you’ve even swiped, Face ID has already begun the authentication process and I’ve found that unless I’m specifically trying to beat it, my swipe usually comes after Face ID has already unlocked.
One of the best things about Face ID is what happens if you don’t swipe the lock screen at all. By default with the iPhone X, the contents of notifications are hidden. Rather than the standard method of showing you the app name and then a small amount of content from the notification, the phone simply shows you the app name and “Notification” underneath. However, after raising the phone and allowing Face ID to recognize you, the notifications are unhidden and displayed to you. This sounds simple but it’s a complete game changer in not only privacy, but speed and efficiency.
With older iPhones, 3D touching a notification like a text message would allow you to respond right from the lock screen, but it would require you to place your finger on the home button to authenticate. I found it faster most of the time to just unlock the phone and open the messages app to respond. However, now that you’re not having to put your finger on a scanner, dealing with notifications right from the lock screen is extremely fast.
I’ve found that Face ID is a great feature because it requires less action on my part and makes the iPhone experience much more seamless than previous versions. For instance, using the password manger 1Password with Face ID is a breeze because I don’t need to break concentration and use a Touch ID sensor. I can simply open the app and wait for Face ID to authenticate, then complete my search for the information I need.
The other great thing is how accurate Face ID is. I’ve had only a handful of times when it’s failed to recognize me on the first try and that’s usually been me testing different angles or sunglasses. One downside to the infrared TrueDepth camera is that it’s only compatible with certain sunglasses. My beloved Ray Ban Wayfarers unfortunately don’t allow the sensor to see if my eyes are open. However, the Gatorz Wraptors I have work just fine. I actually think we’ll start to see sunglass companies printing “Works with Face ID” in the near future.
As I mentioned above, Apple has a habit of introducing a feature and fully committing to it. I think Face ID is the next step in biometric security and I think Apple is fully invested in it, so I wouldn’t hold out hope on Touch ID making a return in the future. Honestly at this point, I wouldn’t want to go back to Touch ID anyway.
While this article focused heavily on the Face ID feature of the iPhone X, there are a ton of other features that make this iPhone such a great device. Things like the OLED screen spanning almost the entire device, as well as the “wireless” charging. (It’s actually inductive, but it’s still super cool.) If you’re on the fence about picking one up, I’d highly recommend it.