Updated Pixel 4 owners can unlock their smartphones with their faces even if they have their eyes closed. That's not good.
Google’s Face Unlock feature in the new smartphone uses machine-learning algorithms to recognize your face and grant access to the device's apps and data. The biometric system is designed to ensure that only you can only unlock your own phone.
And seeing as it still works even when your eyes are closed, theoretically someone else could access your handheld by pointing one of the cameras at your fizog when you’re obliviously snoozing, or, er, deceased. That's good news for cops, prying partners, and pranksters.
Also, Face Unlock is the the only biometric system the Pixel 4 uses to handle authentication and security. Past models had a fingerprint sensor, and that's missing from the new handset. If you tried to use a sleeping person's fingers to unlock a device, you would potentially wake them up. Here was an opportunity for Google to prevent such unauthorized access, by detecting open eyes, and the web giant missed it.
When The Register asked The Chocolate Factory to clarify the facial-recognition system's operation, a spokesperson declined to answer our question: can you unlock a device using the owner's face if they are asleep or have snuffed it? No comment.
Instead, we were told: “Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against unlock attempts via other means, like with masks.”
So, it sounds as though miscreants may be able to crack into your online bank account and steal your hard earned cash when you’ve nodded off or passed out after a night of heavy boozing.
You can see how this might work, as demonstrated by the BBC’s tech reporter Chris Fox:
For comparison, Apple employed similar technology for its Face ID system on the iPhone X and its latest iPhone 11 models, but it required people’s eyes to be open. In other words, you have to be alert and aware in order for it to work.
Google came under fire when it was revealed that it had hired a temp agency to scour the streets of Atlanta to collect images of black people to train its Face Unlock algorithms. Participants were offered $5 Starbucks vouchers as a reward for handing over their personal data. Contractors often targeted homeless people and students. Atlanta’s city attorney, Nina Hickson wrote a letter directed at Google’s chief legal officer, Kent Walker, demanding the company to explain why it was exploiting the city’s “most vulnerable populations”.
Just in case you needed another reminder that smart speakers are creepy: Google’s Senior Vice President of Devices and Services Rick Osterloh admitted in an interview that he warns guests of his always-listening Google Home speakers before they entered his house.
"Does the owner of a home need to disclose to a guest?" he said. "I would and do when someone enters into my home, and it's probably something that the products themselves should try to indicate."
All in all, it's not a good look for Google. ®
Updated to add
“We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months," Google told The Register in a statement.
"In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock. Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against invalid unlock attempts via other means, like with masks.”