Face Unlock feature in Galaxy Nexus seen as novelty, not security
Analysts and Google suggest PIN or password alternate for smartphone
Computerworld - Face Unlock, the facial recognition software offered in Android 4.0 on the Galaxy Nexus, is being promoted by Google as an alternative to using a PIN to unlock a phone.
But early reviewers have noticed that Face Unlock sometimes can be spoofed by a photograph of the owner of the phone, posing a security risk.
A Google official wouldn't comment on various reports about the issue. Google calls Face Unlock "state-of-the-art facial recognition technology [that] lets you switch on your phone and look at it to get past the lock screen -- no passwords to remember, nothing to type or swipe."
Early users and reviewers, including Computerworld blogger JR Raphael, have noted that the Face Unlock feature in Android 4.0, Ice Cream Sandwich, is introduced on the Galaxy Nexus at set-up with a disclaimer. It describes the technology as less secure than other methods such as a password or PIN.
Raphael said he tried several times to spoof the phone with his own photo, but it never unlocked with the photograph, just his actual face.
At set-up, users are also asked to enter a backup security protection, such as a pattern or PIN, to Face Unlock. The backup obviously would come into play if lighting is poor and the facial recognition feature could not work.
Analysts took note that Google never said Face Unlock was a highly secure approach to unlocking a phone, and suggested that users not consider it so.
"I expect Face Unlock is a fairly rudimentary system that only looks at a few facial points to come to the conclusion that's it's you," said Jack Gold, an analyst at J. Gold Associates.
While some facial recognition systems can be highly secure and safe, they require much higher resolution cameras, and high processing power. "Would I want to use Face Unlock for doing monetary transactions? Not a chance," Gold said.
While the Google approach may be rudimentary, it's probably intended to be a convenience or even a "conversation piece," Gold added. As Google has required at set-up, a good second factor authentication is needed.
"Even a good password, with sufficient length and different characters, would be more secure than this low-end option, in my opinion," he said.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Use the Mobile App Mix to Choose an Enterprise App Store Strategy In this research report Gartner outlines how organizations can optimally secure, distribute, and manage mobile applications for employees and contracted workers.
- The Case for Mobile Apps Today's mobile apps turn handheld devices into e-book readers, portable navigation systems, digital wallets and more. And for organizations with mobile workers, they...
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Mobile Apps White Papers | Webcasts