Google says a fix for Pixel 4 face unlock is “months” away
When the Pixel 4 ships this week, it will be releasing to consumers with a face-unlock security issue that will apparently stick around for some time. Unlike the iPhone’s FaceID (and Google’s earlier face-unlock system on Android 4.1), the Pixel 4’s face unlock doesn’t look for the user’s eyes, so the phone could be pointed at a sleeping or unconscious owner and unlocked without their consent. This weekend, Google said in a statement that a fix “will be delivered in a software update in the coming months.”
The Pixel 4 was announced last week, and instead of including a fingerprint reader like most Android phones do, the Pixel 4 features Google’s newly developed face-unlock system as the only biometric option. Google is clearly chasing the iPhone here, and the Pixel 4’s face unlock works just like Apple’s Face ID system: an IR dot projector blasts a grid of invisible dots onto the user’s face, and a camera (a pair of cameras, in the case of the Pixel 4) reads the user’s face in 3D.
As part of the many pre-release Pixel 4 leaks, screenshots of pre-release builds of the Pixel 4’s software showed an option to “require eyes to be open.” So we know Google hasn’t been completely blindsided by this problem; the fix just wasn’t ready in time for launch. Here’s Google’s full statement on the issue:
We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months. In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock. Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against invalid unlock attempts via other means, like with masks.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.