10th November 2021, Kathmandu
Face unlocking technology is not the same on all smartphones; some are more secure than others. This is why.
Facial recognition is becoming more widespread on personal devices such as smartphones and computers. On the surface, the concept appears futuristic; only a few years ago, most of us needed a PIN, password, or pattern to open our gadgets.
Despite the technology’s increasing popularity, you should be aware that not all face recognition solutions are created equal. Some strategies are more secure by default than others, while others have options that can be changed to reduce the possibility of an attacker fooling them.
With that in mind, let’s look at the many sorts of facial recognition algorithms currently in use. Later, we’ll talk about the security of the function and whether or not you should enable it on your devices.
Face recognition using a camera
As the name implies, this method uses the front-facing cameras on your device to recognize your face. Since the introduction of Android 4.0 Ice Cream Sandwich in 2011, almost all Android smartphones have had this capability. Because fingerprint sensors were not as common as they are now, it was the initial biometric unlock option.
When you first enable the feature, your device prompts you to take images of your face from various angles. It then extracts your facial features with the help of a software program and saves them for later use. Every time you try to unlock your device after that, the reference data is compared to a live image stream from the front-facing camera.
The precision of the system is mostly determined by the software methods used, so it is far from flawless. When devices have to account for variables like varied lighting conditions, changes in appearance, and the use of facial accessories like eyeglasses, jewelry, and even masks, it becomes even more challenging.
Implementations of camera-based facial recognition must strike a careful balance between accuracy and speed.
While Android provides facial recognition APIs, smartphone manufacturers have created their own solutions over time. The overall goal was to enhance the device’s identification speed without sacrificing too much accuracy. However, some implementations have a history of going too far and being fooled into accepting an image.
Facial recognition with infrared technology
While most smartphones come with a front-facing camera, infrared facial recognition requires additional hardware. On the other hand, not all infrared-based facial recognition solutions are created equal.
The first type of infrared-based facial recognition involves obtaining a two-dimensional picture of your face in the infrared spectrum, similar to the prior method. The main benefit is that infrared cameras don’t require your face to be well lit and can even work in low-light situations. Infrared cameras use thermal energy or heat to generate an image, making them far more resistant to infiltration efforts.
Take a look at the Microsoft picture below, which shows how infrared cameras perceive photos and screens.
Two-dimensional IR facial recognition is now largely seen on higher-end computers under the Windows Hello banner. This includes Microsoft’s Surface computers as well as other business laptops. External webcams with IR-cameras certified for Windows Hello, such as the Logitech Brio 4K, are also available.
Even in dimly lit areas, infrared sensors can recognize your facial features.
While 2D infrared facial recognition is currently far superior to standard camera-based systems, there is a better option. Face ID, for example, captures a three-dimensional representation of your face using an array of sensors. It accomplishes this by projecting thousands of small invisible dots on your face using a flood illuminator and a dot projector. The placement of the dots is then measured by an infrared sensor, which builds a depth map of your face.
Which is better, infrared or camera-based facial recognition?
Face recognition based on infrared technology is significantly safer. If you insist on using camera-based facial recognition, keep in mind that most device manufacturers will not allow you to utilize it for more sensitive applications.
The Google Mobile Services certification program, for example, requires minimum security standards for various biometric identification techniques on Android. Unlock less secure mechanisms, such as camera-based face unlock, are regarded as a “convenience.” Simply said, you can’t use it to verify your identity in sensitive apps like Google Pay or some financial apps.
You can unlock your phone with camera-based facial recognition, but you can’t use it for critical apps like Google Pay.
IR-based implementations, on the other hand, are unanimously recognized as more secure.
Face ID, for example, is trusted enough by Apple to be treated similarly to fingerprint sensors and passwords. Not only can you use it to unlock your device, but you can also use it to autofill password fields and authorize purchases. Windows Hello can also be used to unlock password managers and enable speedier web browser payments.
What about your privacy?
Given the contentious nature of facial recognition, you might be unsure whether keeping your biometric data electronically is a wise idea. The good news is that you don’t have to be concerned.
Most operating systems that allow biometric unlocking techniques employ special safeguards to ensure that sensitive data, such as your fingerprints and facial features, is saved safely.
Biometric data in smartphones is usually encrypted and stored in a security-hardened piece of hardware within the device’s system on a chip (SoC). Qualcomm features a Secure Processing Unit in its SoCs, making it one of the major chipmakers for Android handsets. Meanwhile, Apple’s safe subsystem has been dubbed “Secure Enclave” on its SoC.
In other words, third-party applications and, in most cases, an attacker is unable to access your biometrics.
Should you utilize your smartphone’s facial recognition feature?
Facial recognition is likely the quickest and most convenient way to unlock your device, especially if it’s your sole biometric authentication option. Aside from the convenience, it’s a little harder to crack than regular passwords and PINs.
After all, a casual glance at your screen could allow someone to listen in on your text or pattern inputs.
Camera-based facial recognition technologies, on the other hand, don’t fare well against determined invaders. As we’ve already seen, implementations differ dramatically amongst vendors.
If you’re concerned about security, these limitations make it an unsuitable solution.
While secure, IR-based systems have become increasingly uncommon in recent years. Most mobile devices, except the iPhone and iPad Pro, no longer have the necessary sensors. Many Android devices, from mid-range to flagship, used to come with dedicated infrared hardware. Iris recognition on the Galaxy S8 and S9, soil-based face unlock on the Pixel 4, and 3D Face Unlock on the Huawei Mate 20 Pro are just a few examples from recent years.
The battle to reduce the top bezel and display notches on current devices, however, has left no room for extra sensors.
Some phones don’t even have proximity sensors, relying instead on software-based algorithms to detect if you’re holding your phone against your face.
In the drive to get rid of bezels and notches, infrared sensors for facial recognition vanished.
Despite its decreasing importance in the Android ecosystem, it’s feasible that IR-based facial recognition will make a comeback at some point.
With devices like the Galaxy Z Fold 3 now sporting under-display fingerprint sensors and cameras, it’s only a matter of time before infrared sensors get the same treatment.
Should you rely on facial recognition technology to protect your sensitive data until that day comes? Most people will find IR-based systems secure enough, especially if it’s a depth-aware configuration like Face ID.
It all depends on your risk tolerance when it comes to camera-based facial recognition. If your smartphone has other authentication options, such as a fingerprint sensor, those are probably your best bets.
