Thats true. I’m assuming it’s either a thumb or index finger, and that can be done to any unaware person. At least Face ID requires focus.
For the record I don’t mind Touch ID, I just disagree with the superiority comments.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Google Pixel 4's Face Unlock Feature Works With Eyes Closed, Sparking Security Concerns
- Thread starter MacRumors
- Start date
- Sort by reaction score
Thats true. I’m assuming it’s either a thumb or index finger, and that can be done to any unaware person. At least Face ID requires focus.
For the record I don’t mind Touch ID, I just disagree with the superiority comments.
So I’m curious. What do you tell them?
I would have thought that by now the Android OEM’s would have figured out both Face ID and underscreen Touch ID, but that isn’t the case.
in the case of underscreen fingerprint scanners, this is probably why we haven’t seen it from Apple. The technology for this is just a lot harder than current state of the art.
OK so you didn't understand how Soli works.
"iPhones from the 6S" don't have an equivalent feature. The correct wording which is used on Apple's site is:
Use Raise to Wake the iphone. Iphones don't have a sensor that can wirelessly understand movements and intentions or humans near the device.
I recommend taking a look at the link I posted previously, it makes it obvious how Solie helps speed up the face unlock process on the Pixel 4.
It really can't do something like that. Even if somehow somebody manages to unlock the phone because it's owner is sleeping, there's no way it can unlock the bank app or make any type of mobile payments.
Last edited:
No it's simply faster. There's no way you can get as fast to the home screen on an iphone.
The simple fact is Google just removed a toggle that existed in previous versions of it's software.
If it's really a problem and creates concerns they will bring back that toggle.
Like I said there's too much unjustified drama on this thread.
But it already has created concern. That's why there is an article from the BBC. You are just trying too hard to dismiss it.
"One security expert said it was a significant problem that could allow unauthorised access to the device."
https://www.bbc.com/news/technology-50085630
And if the tech is faster because it bypassed a previous security feature then that is a major problem that shouldn't be summarily dismissed.
I don't have that one
I have the S8.[automerge]1571506231[/automerge]
The rest is encrypted too. But the problem with Android 9 (and my phone can't go any higher) is that apps can read each other's storage just by sharing permission to load a picture or something.
Actually wasn't the first issue Twins or your children being able to unlock the iPhone 10
Actually wasn't it being able to break the iPhone X face I'd with a twin or even a child. Also just using glasses on someone sleeping? https://thenextweb-com.cdn.ampproje...9/08/09/apple-faceid-iphone-broken-biometric/
Which finger to use is easy if you just watch someone use it once.
I didn't want to get into the Android vs iOS thing here, but since you did: I just can't afford iPhones anymore since they went above €600. The iPhone 6 was my last one and I had to buy that when the 6S was already out. Samsungs S-series phones launch at comparable prices but drop very quickly, my S8 cost me €440. Since I moved to Android I've also become reliant on features like NFC for Yubikeys (for my password manager among others) which the iPhone didn't have for ages and even though it has it now there's still no software for my password manager that works with the Yubikey. I can't use Apple ecosystem stuff like iCloud keychain because I need everything to work on Windows and Linux as well as Mac.
iOS has has many exploits too including some to simply bypass the lock screen, and while Samsung isn't great at delivering major OS upgrades, they are one of the best on Android at patching security vulnerabilities. I also really love the DeX feature of my phone and use it a lot.
Indeed iOS has better security between apps. But this isn't the only reason why I segregate those apps this way. I alsolike having the 2-level security for my banking apps anyhow, someone could always grab my phone while it's unlocked and run off, for example.
Do you have any google apps, use google use gmail, maps, etc....on your iPhone? Then they get you too. Same as with app the other companies you have on your phone. It’s inescapable to be tracked!
He didn't say anything about this being the "first issue"with biometrics. Just that there have been two reported problems with Android biometrics in the last few days. And frankly, these are more serious than the few cases of problems with FaceID, especially the fingerprint problem.
I don't think you can say one is worse than the other. Both are a breach of security. You can't rank one worst than the other. This seems like a biased statement.
Not a problem until someone knocks you unconscious or kills you, takes your phone, and uses it to access your bank accounts. True.
That's quite extreme don't you think?
Anyway according to a source from Google you can't unlock apps or do mobile payments with the eyes closed, it only works like that for unlocking the phone itself.
[automerge]1571510513[/automerge]
Well then, its possible Google will bring back the options that requires to have the eyes opened in order to unlock the phone.
Its more than just an opinion and you know it.
Have you seen Pixel 4's face unlock system in action? The internet is full of hands on videos.
Sure you can rank them. As a developer I deal with software vulnerabilities all the time that I have to fix. And yes, they are ranked from critical to low in severity. That isn't bias. It is fact. If you want to pretend that the rare cases where people can open the iPhone's of their relatives is as severe as opening a phone with anyone's fingerprint then that is simply believing what you want to believe. Same with having to put modified glasses on someone's face while they are sleeping versus not having to have glasses at all.
OWASP Risk Assessment Framework | OWASP Foundation
OWASP Risk Assessment Framework on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
One would think so.
So an insecure “faster” unlock is better than a “slower” secure unlock?
It's not insecure as a general rule and that's the end of it.
For example in my case the situations in which somebody would try to unlock my phone while I have my eyes closed are closed to 0.
In the end you can deactivate attention requirement on the iPhone.
Why do you think Apple would allow such a thing if it's such a critical problem?
I remember that everybody was advising people to deactivate the attention requirement in order to get the iPhone x to unlock faster.
While this is quite a glaring issue, it’s something that can be easily fixed through software. I am a bit surprised they did not launch this phone with an “attention” type feature, they must have just been trying to show off the speed of it?
It’s true you can lessen the security on the iPhone, but require attention makes Face ID more secure and the px4 is inherently less secure without it.
That Apple allows one to deactivate that feature is tangential to the px4 doesn’t even support it.
The iPhone attention requirement is active by default and by disabling it you yourself accept the risk. You can leave your phone entirely unprotected if you want....again you accept the risk. The "critical problem" is as you have already said: the lack of the attention protection entirely. That is not the "end of it" at all. That is the beginning. Googling fixing the problem is the end of it.
And you are using the word "everybody" extremely loosely and without any backing as to advice consensus.
You misunderstood the issue. If you don't have a [unapproved] screen protector on your phone, then the stored fingerprint can't be defeated by applying a screen protector.
[automerge]1571515919[/automerge]
I agree but I am curious how many iPhone owners enable this extra protection? For most people, it probably simply isn't worth the extra hassle.