Ever since Apple unveiled its premium iPhone X smartphone, there have been questions over the security and effectiveness of its Face ID feature, which lets a customer log into the device by letting it scan their face.
On Wednesday, Apple tried to answer a bunch of those questions by publishing a new support page and security whitepaper that explain how the feature works. Here are five things we learned through these explanations.
What happens on the iPhone X stays on the iPhone X
One concern related to the potential for app companies that aren’t Apple to compile databases of iPhone X users’ facial information. That can’t happen, as Face ID works pretty much like Touch ID, the Apple feature that lets you log in with your fingerprint.
When you “enroll” your face for logins, the iPhone X will turn the scanned information into a mathematical representation that it then encrypts and stores on a special processor called the Secure Enclave. Then, when you try to log into your phone or a third-party app that accepts Face ID as a login mechanism, the Face ID system will again make a mathematical representation of what it sees, and compare it to the one you enrolled in the first place.
If they match, the system will tell your phone, or that app, to let you in. There’s no need for any of your facial information to go to third parties or even to Apple itself—unless you choose to send it to Apple for technical support purposes.
“Apps are only notified as to whether the authentication is successful. Apps can’t access Face ID data associated with the enrolled face,” Apple said.
The system will track changes
Face ID’s mathematical representation of your visage won’t remain stuck in the past. Indeed, it will change over time.
If, for example, you grow a beard or get new glasses, the system may not recognize you, forcing you to enter your passcode. However, it will then know that what it just saw really is you, and will update the information to take account of the changes.
Kids may have issues with Face ID
At the iPhone X launch event, Apple product marketing chief Phil Schiller conceded that a person’s close relatives might find it easier than others to trick Face ID into letting them into that person’s phone or apps. Apple’s new information confirms this.
While there’s only a one-in-a-million chance of some random person being able to do this on your phone, Apple said Wednesday that the “statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed.”
It didn’t specify what the statistical probability in such cases would be, but it did suggest that those worried about the issue stick to passcodes rather than Face ID.
Masks shouldn’t fool the system
Biometric systems have historically been hacked by people making casts of people’s fingerprints, or taking photos of people’s irises. Face ID works with three-dimensional rather than 2D information, of course, but Apple claims masks won’t fool the system.
Why? Because the system will only work when “your eyes are open and looking towards the device.” Time will tell whether this will prove a sufficient barrier, but it does at least suggest that a dummy face will have to be very sophisticated to trick Face ID.
Of course, none of this will obviate the possibility of a mugger or border guard waving your $999 iPhone X in front of your alarmed face to unlock it.
Face ID may glow in the dark
“Some may… notice a faint light output from the TrueDepth camera when viewed in a very dark room,” Apple said. This is because the system’s TrueDepth camera, which can be activated just by picking up the phone, uses infrared light to scan things. That what allows it to operate even in complete darkness.
Apple claims the camera poses no health risks due to its low output, and is “safe to use under normal usage conditions.”
