UPDATE: The person manning the camera is Aman Firdaus from Amanz.my. He saw us doing the test a few times using the picture and face. He’s given permission for us to mention him here. Hopefully that will help clear some doubt. Thanks Aman!
UPDATE 2: Check out the response from Android Chief Designer Matias. Our Face unlock test was successfully repeated as well. Watch it here.
At the Samsung Galaxy Note regional launch in Jakarta last week, we had some hands on time with the yet to be released Google Galaxy Nexus and we got a question from @yauhui via Twitter asking if the Face Unlock feature in Ice Cream Sandwich can be tricked to recognise a picture of a face instead of an actual face. And so we went to test this out. We showed a Galaxy Nexus that has been setup to recognise an actual face. Then we showed the device a digital image of the same face but it was displayed on the screen of the Galaxy Note that we have on hand to see if we could trick Face Unlock to recognise the picture as well.
We took a video of this test and it went viral. We uploaded the video on November 9, and it currently has over 41,000 views and is featured on some of the most prominent tech sites in the world like TheNextWeb, Gizmodo, Huffington Post, TechCrunch, CNet, Phandroid, and Android and Me to name a few. The video was even featured on Yahoo! News globally. Our favourite is this one headline — “This Guy Just Exposed A Major Security Flaw In Ice Cream Sandwich”.
But the global coverage for our video is besides the point. What’s even more important is clarifying to everyone that the test — and the video — is not a trick. Some believed that we had programmed the Galaxy Note to recognise the picture and not the face. We must stress that this is not the case. The Galaxy Nexus in the video was the exact same unit we used to do our hands-on video where we originally set up the device to recognise a face and not a picture of a face.
Also, while we were doing the test, there were a few people watching including some of bloggers from the Malaysian contingent that went to Jakarta to with us for the regional launch of the Galaxy Note and a few reps from Samsung Malaysia and Samsung Indonesia. We did a couple of takes before deciding on the final video and those who were there saw that the phone recognised both the face and the picture of the face.
It is a great pity that we didn’t record this. Just that one simple action of showing the device recognising a face and a picture of the face in the same video would convince everyone beyond a doubt that the test is real, but alas, we forgot do it. We hope that those who were there and saw us doing the test can comment to confirm that this test is legit and that the Face Unlock feature can be defeated by a picture. If anyone reading has a Google Galaxy Nexus, please try the test out for yourselves and do share the video with us, we will more than happy to link to the video here.
More importantly is that we proved that it is possible to use a picture to unlock the Galaxy Nexus using Face Unlock. This is important because the Koushik Dutta, a CyanogenMod developer, asked the same question just last month and Time Bray, a Developer Advocate at Google who is focusing on Android, replied that it was not possible to use a picture with Face Unlock.
Though, in all fairness, Google did mention that Face Unlock is less secure than a pattern, pin or password and that someone that looks similar to you could unlock your phone. So essentially, Face Unlock is very similar to slide to unlock but a bit more secure, though not as lock tight as a password.
Having said that, we like Face Unlock. We like that we can just look at the Galaxy Nexus and it will unlock. Perhaps Google can make Face Unlock as an additional security measure. For example, before you can access the pattern unlock, the device needs to verify you with Face Unlock first. Or you can add a password feature to company the picture, so after the device recognises your face, it asks for a password that you must enter. To speed up the process the device can give you options that you just tap instead of needing to key in the password character by character.
What do you think about Google’s Face Unlock feature?
Here are some of the sites that featured our Face Unlock video:
- Android 4.0 Face Unlock feature defeated using a photo [Video] — TheNextWeb
- Android’s New Face Unlock Feature Fooled by a Picture — Gizmodo
- Yes, Android’s New Face Unlock Feature Can Be Fooled With A Photo — TechCrunch
- Face Unlock Tricked: Man Unlocks Galaxy Nexus Using Picture, Exposes Android Flaw (VIDEO) — Huffington Post
- Digital image can dupe Android face-based lock — CNet
- This Guy Just Exposed A Major Security Flaw In Ice Cream Sandwich — Business Insider
- Face Unlock fail: Galaxy Nexus unlocks with a photo of your face (video) — Yahoo! News
Thanks everyone for updating us on the coverage and thanks so much for the support!