askST: Apple's Face ID - just how smart, and just how safe?

iPhone X sensors can tell a photo from a real face, and Face ID data is stored in a secure enclave

Reader Anpa Lee wrote in to askST: "I am curious about iPhone X's facial recognition feature. How does it work? How accurate or reliable is it? Are there dangers of it being hacked into?"

Reporter Lester Hio answers.

Apple's hottest toy this year, the iPhone X, is the tech giant's biggest departure from its traditional iPhone design to date, featuring a bezel-less, edge-to-edge screen that does away with the Home button.

This means iPhone X users no longer have the option of unlocking the phone with the biometric fingerprint sensor which was located on the Home button.

Instead, they must use what Apple calls Face ID, a facial recognition technology that scans, stores and uses facial biometric data to unlock the phone by having the user simply look at it.

HOW IT WORKS

Biometric face recognition technology in smartphones is not new. A rudimentary form of the technology was introduced in Android smartphones back in 2011, called Face Unlock, in the Android 4.0 update.

It stores a simple photo of the user's face which the phone uses as a baseline for verification. But that led to reports of users being able to unlock the phone with a picture of themselves.

Apple's Face ID goes beyond simple 2D image recognition. The iPhone X sports infrared and 3D sensors - or what Apple calls True Depth - that map out the entirety of the user's face: every crevice, contour, cranny and curve.

An iPhone X user setting up Face ID on his phone. The phone uses infrared and 3D sensors to make a comprehensive map of a user's face. It is smart enough to detect changes to a face, such as with spectacles or a new beard, but cannot tell identical t
An iPhone X user setting up Face ID on his phone. The phone uses infrared and 3D sensors to make a comprehensive map of a user's face. It is smart enough to detect changes to a face, such as with spectacles or a new beard, but cannot tell identical twins apart. PHOTO: BLOOMBERG

These are mapped out with a dot sensor that projects 30,000 dots on a user's face to capture as accurate a mould as possible. These sensors effectively take a 3D image of your face, which means the iPhone X will not be fooled by hackers waving a life-size photo of your face in front of the camera.

Each time you move the iPhone X up to unlock it, the sensors scan your face and compare it to the stored data to authenticate your identity. The technology also allows Face ID to work - somewhat - in the dark, as it uses infrared and depth sensors instead of pure image that requires light.

ACCURACY AND RELIABILITY

Apple says Face ID is integrated with software that can learn and detect changes to a face, such as if one were to wear a hat or grow a beard.

Face ID will also work with spectacles and other accessories, although there have been reports of the phone being thrown off by too-wide sunglasses that confused the sensors.

It is also smart enough to detect when your eyes are open or shut. This means that friends cannot steal your phone in the dead of night and put it in front of your sleeping face to unlock it and get into your dirty secrets.

But one flaw still remains - the "Twin Test". The phone cannot tell apart identical twins.

SECURITY IMPLICATIONS

As with any feature that asks for personal information, security is a natural concern.

 

Apple encrypts and stores Face ID data in what it calls a secure enclave, which is a storage space in the iPhone X that other apps do not have access to and is not backed up on iCloud. This means the selfies you take, which are stored in your camera roll or uploaded to iCloud, are actually more at risk of being compromised than Face ID data.

App developers do not have access to Face ID data. When an app prompts for facial unlock, the phone refers to the information in the secure enclave, verifies the user, and sends back a yes or no answer to the app as authentication.

Those who are still uncomfortable with using Face ID can opt not to use it, sticking instead to keying in a PIN at the cost of convenience.

A version of this article appeared in the print edition of The Straits Times on November 11, 2017, with the headline 'Apple's Face ID: Just how smart, and just how safe?'. Print Edition | Subscribe