Apple Unmasks Face ID Security

Apple is quelling concerns about its new face scanning technology—a notable and novel feature of the iPhone X–with the release of a technical paper on the phone-embedded technology.

First revealed at Apple’s keynote in early September, Face ID is an update to the now standard and optional Touch ID that grants entry into a phone through a fingerprint.

Apple detailed the advanced technology behind the facial recognition system. The new security feature authenticates a phone’s owner through its TrueDepth camera system. The camera maps the geometry of someone’s face, then Face ID uses neural networks for “matching and anti-spoofing” so only the phone owner can unlock the device.

However, while Apple said the probability that a random person could unlock an iPhone X with Face ID is approximately 1 in 1,000,000, the probability of a false match is different for twins, similar-looking siblings, and children under the age of 13. They explain that Face ID has an issue with under-developed facial features that are less distinct.

The white paper also dove into the way TrueDepth detects, analyzes and matches a face, along with how Face ID can be used with Apple Pay.

“To make a payment within apps and on the web, you confirm intent to pay by double-clicking the [phone’s] side button, then authenticate using Face ID to authorize the payment,” the paper explains.

For the security feature to first be enabled, a passcode is required. Then moving forward, the software detects your face and grants phone entry without the device’s six-number code. Apple said the FaceID isn’t meant to replace a password, just make it easier to unlock your phone in a pinch.

Apple also outlined the six circumstances in which a passcode is in fact required.

  • The device has just been turned on or restarted.
  • The device hasn’t been unlocked for more than 48 hours.
  • The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.
  • The device has received a remote lock command.
  • After five unsuccessful attempts to match a face.
  • After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.