Face Unlock feature in Galaxy Nexus seen as novelty, not security
Analysts and Google suggest PIN or password alternate for smartphone
Computerworld - Face Unlock, the facial recognition software offered in Android 4.0 on the Galaxy Nexus, is being promoted by Google as an alternative to using a PIN to unlock a phone.
But early reviewers have noticed that Face Unlock sometimes can be spoofed by a photograph of the owner of the phone, posing a security risk.
A Google official wouldn't comment on various reports about the issue. Google calls Face Unlock "state-of-the-art facial recognition technology [that] lets you switch on your phone and look at it to get past the lock screen -- no passwords to remember, nothing to type or swipe."
Early users and reviewers, including Computerworld blogger JR Raphael, have noted that the Face Unlock feature in Android 4.0, Ice Cream Sandwich, is introduced on the Galaxy Nexus at set-up with a disclaimer. It describes the technology as less secure than other methods such as a password or PIN.
Raphael said he tried several times to spoof the phone with his own photo, but it never unlocked with the photograph, just his actual face.
At set-up, users are also asked to enter a backup security protection, such as a pattern or PIN, to Face Unlock. The backup obviously would come into play if lighting is poor and the facial recognition feature could not work.
Analysts took note that Google never said Face Unlock was a highly secure approach to unlocking a phone, and suggested that users not consider it so.
"I expect Face Unlock is a fairly rudimentary system that only looks at a few facial points to come to the conclusion that's it's you," said Jack Gold, an analyst at J. Gold Associates.
While some facial recognition systems can be highly secure and safe, they require much higher resolution cameras, and high processing power. "Would I want to use Face Unlock for doing monetary transactions? Not a chance," Gold said.
While the Google approach may be rudimentary, it's probably intended to be a convenience or even a "conversation piece," Gold added. As Google has required at set-up, a good second factor authentication is needed.
"Even a good password, with sufficient length and different characters, would be more secure than this low-end option, in my opinion," he said.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His e-mail address is email@example.com.
Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.
- Gartner Magic Quadrant for Mobile Application Development Platforms As unprecedented numbers of enterprises build mobile applications, the mobile application development platform market continues to grow and evolve rapidly.
- The Total Economic Impact of IBM's Worklight Platform Mobile is the fastest growing consumer technology in history. As enterprises build apps to engage these new users they are facing increased complexity...
- Improve Your Mobile Application Security with IBM Worklight IBM® Worklight helps organizations extend their business across multiple mobile devices. It provides an open, comprehensive and advanced mobile application platform to help...
- Unlock the Value of Enterprise Mobility Download this guide and learn how to manage the secure deployment of enterprise mobile apps and data, while still encouraging the levels of...
- It's Chaos Out There Worried about your mobile apps? You should be; it's chaos out there. Check out this humorous video and see if you can recognize...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Mobile Apps White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!