Face Unlock feature in Galaxy Nexus seen as novelty, not security
Analysts and Google suggest PIN or password alternate for smartphone
Computerworld - Face Unlock, the facial recognition software offered in Android 4.0 on the Galaxy Nexus, is being promoted by Google as an alternative to using a PIN to unlock a phone.
But early reviewers have noticed that Face Unlock sometimes can be spoofed by a photograph of the owner of the phone, posing a security risk.
A Google official wouldn't comment on various reports about the issue. Google calls Face Unlock "state-of-the-art facial recognition technology [that] lets you switch on your phone and look at it to get past the lock screen -- no passwords to remember, nothing to type or swipe."
Early users and reviewers, including Computerworld blogger JR Raphael, have noted that the Face Unlock feature in Android 4.0, Ice Cream Sandwich, is introduced on the Galaxy Nexus at set-up with a disclaimer. It describes the technology as less secure than other methods such as a password or PIN.
Raphael said he tried several times to spoof the phone with his own photo, but it never unlocked with the photograph, just his actual face.
At set-up, users are also asked to enter a backup security protection, such as a pattern or PIN, to Face Unlock. The backup obviously would come into play if lighting is poor and the facial recognition feature could not work.
Analysts took note that Google never said Face Unlock was a highly secure approach to unlocking a phone, and suggested that users not consider it so.
"I expect Face Unlock is a fairly rudimentary system that only looks at a few facial points to come to the conclusion that's it's you," said Jack Gold, an analyst at J. Gold Associates.
While some facial recognition systems can be highly secure and safe, they require much higher resolution cameras, and high processing power. "Would I want to use Face Unlock for doing monetary transactions? Not a chance," Gold said.
While the Google approach may be rudimentary, it's probably intended to be a convenience or even a "conversation piece," Gold added. As Google has required at set-up, a good second factor authentication is needed.
"Even a good password, with sufficient length and different characters, would be more secure than this low-end option, in my opinion," he said.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His e-mail address is email@example.com.
Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Performance Management: The Mobile App Development Playbook This comprehensive 16 page Forrester Research, Inc. report, authored by Jeffrey Hammond, Forrester VP and Principal Analyst, details a number of valuable, commonly...
- New Problems Require Innovative Solutions The mobile market is expected to be worth $25 billion by 2015
- Getting Agnostic about Mobile Devices The idea of being able to interact with customers, prospects, and stay attuned to competitive pressures is not new, but the velocity at...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Mobile Apps White Papers | Webcasts