Google is working to fix a security flaw in its new Pixel 4 smartphones after a journalist discovered that the phones’ facial recognition system, used for unlocking the device, works even when its owners’ eyes are closed.
The problem has raised concerns that people’s phone could be opened while they sleep, allowing anyone to snoop on their private messages and call history, and to gain access to private information, such as bank accounts and medical data through apps.
The Pixel 4 and Pixel 4 XL will ship on October 24 without the problem being fixed. A Google spokesperson tells Fortune that the company will update the phone’s software “in the coming months.”
The problem was first reported by the BBC, which received a device to review ahead of the phone’s release date.
People who are concerned about having their smartphone unlocked by someone else while they sleep can turn off facial recognition and require a pin to gain access. This can be done by adjusting the settings for “advanced and lock screen display”. If users do not see display, they should tap “security and location” and then “lock screen preferences,” according to Google.
Despite the issue, Google says its face unlock system “meets the security requirements as a strong biometric.” The company says it has also passed tests against other invalid login attempts, such as someone using a mask, to gain entry into the smartphone.
This is the second new phone in as many weeks that has a problem with biometric logins. Last week, Samsung acknowledged that its new Galaxy S10 and S10+ smartphones can be unlocked using anyone’s fingerprint, if the phone has a screen protector over the display.
In that case, Samsung advises GalaxyS10 and S10+ owners who use screen protectors to turn off fingerprint ID and instead unlock their phones using facial recognition or a passcode until the company releases a software update.
More must-read stories from Fortune:
—The wireless industry needs more airwaves, but it’s going to be costly
—Meet the executive leading Facebook’s big augmented and virtual reality push
—How to claim a cash settlement of up to $358 for Yahoo’s data breaches
—Now hiring: people who can translate data into stories and actions
—Is A.I. a trillion-dollar growth engine or a jobs-killer? There’s reason for optimism
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.
