Samsung announced its latest series of Android flagships late last month, debuting handsets packed to the brim with the latest and greatest the technology industry has to offer, yet not even its state-of-the-art handsets can fix face unlock, one of the most frequently encountered weaknesses of today’s smartphones.
“Look, mom, no security!”
In a six-second video posted on Twitter several hours back, journalist Julian Chokkattu demonstrated how fooling Samsung’s newest phablet is as simple as pointing it in the general direction of a picture of its owners’ face. The clip that can be seen below stars the Galaxy S10+ but all members of the new Android family run the same authentication software and the last two generations of the range are extremely similar in this regard as well.
Following the update to One UI based on Google’s Android 9 Pie, Samsung revamped its mobile biometrics platform and provided users with the option of circumventing what it calls “faster recognition.” While removing that convenience-focused algorithm out of the equation doesn’t result in a perfectly secure authentication experience, doing so was enough to stop Mr. Chokkattu from continuing to toy with the Galaxy S10+’s facial recognition.
The same option is also available on all Galaxy S8 and Galaxy S9-series handsets running Android 9 Pie but was previously deemed shaky at best following white-hat testing relying on more professional (read: complicated) attack vectors.
Even if the system was much more secure, even its reckless state often fails to fulfill user expectations in terms of speed, and the other one can make it outright annoying; according to numerous comments owners of Samsung’s recent Android flagships posted online, as well as testing performed by Android Headlines staff. Given how nearly all contemporary phablets from Samsung’s portfolio were met with almost universal praise, such criticism easily stands out.
An extra dimension to save the day
The latest range of Samsung-made flagships released earlier today as the company’s first ultra-premium lineup without an iris scanner since the Galaxy S5 launched in early 2014. While its removal makes the “naked” face unlock offered by the Galaxy S10 even less secure in theory, Samsung’s biometric authentication never truly worked in a consistent manner.
The company did come close with Intelligent Scan, a feature of Samsung Experience 9 based on Android 8 Oreo, yet even that version of the technology that combined iris scanning with software-only face feature recognition was slower than something like Windows Hello cameras found on all relatively recent Surface Pro hybrids from Microsoft.
On paper, the latter tech is absolutely ancient, yet Samsung’s implementations consistently put out worse results; i.e. Microsoft doesn’t claim its solution offers anything resembling security either but at least most of its customers can attest it’s extremely fast and consequently highly convenient.
Samsung now may have finally found a suitable solution for making face unlock work but decided to limit it to a target demographic that’s minuscule at best. The 5G-ready member of the Galaxy S10 series, the one that sports a ridiculously big 6.7-inch screen, sports a time-of-flight sensor next to its front-facing camera, in addition to offering one such module on the back, hence being equipped with half a dozen cameras in total.
However, don’t celebrate just yet because while Apple has been using similar tech to offer an objectively superior solution in Face Unlock since late 2017, Samsung’s current concern is to leverage the extra dimension in order to boost – emoji performance. That’s right, not even a device whose price tag is dangerously close to the $2,000 mark will use depth-mapping to ensure you are who you say you are from day one. But hey, dancing dogs and singing chicks?
Samsung may eventually get around to making its software more akin to something iOS users have been enjoying for a year and a half now but until that happens and its 3D cameras make their way to something remotely affordable, you win the lottery, hit your head, or become willing to shell out two grand on a smartphone for any other reason, face unlock is something you should avoid if you care about security – and that goes for the vast majority of devices from any other Android brand as well.
So yeah, the #GalaxyS10 can be unlocked with an image of your face. BUT go into Settings > Biometrics and Security > Face recognition and toggle off “Faster recognition.” Haven’t been able to fool it with an image since, and the speed difference doesn’t feel that much slower. pic.twitter.com/n13sEmn8mt
— Julian Chokkattu (@JulianChokkattu) March 7, 2019