How Apple’s Face ID facial recognition works
In mid-September, Apple unveiled its new Face ID facial recognition system , which is due to debut with the iPhone X on Nov. 3. The system lets users unlock their phones just by glancing at them, but has also raised privacy questions and some anxieties over whether someone could force you to unlock your phone by pointing it at your face.
On Wednesday, Apple offered some in-depth explanations about the pains it’s taking to protect your privacy in an update to its website.
Here’s what you need to know about how Face ID works and the precautions Apple has taken for privacy and security.
How does Face ID work?
Face ID captures both a 3-D and 2-D image of your face using infrared light while you’re looking straight at the camera. Apple then compares that information to images you took while setting up Face ID; that comparison is done using a “neural network” that lives on the iPhone X’s new A11 chip.
Five unsuccessful attempts at Face ID will force you to enter a passcode — which you’ll need anyway just to set up facial recognition. That requires you to come up with a secure string of digits — or, for extra security, a string of letters and numbers — to protect your privacy.
Does it work?
It didn’t during Apple’s Sept. 12 event — at least initially, when senior vice president Craig Federighi tried and failed to demonstrate Face ID for the crowd before switching phones. Apple explained that handlers mistakenly set off Face ID attempts prior to Federighi’s presentation, which caused the phone to revert to a passcode lock before he took the stage.
While Face ID won’t face an acid test with ordinary users until November, Apple says it should work just fine.
Is Apple going to store my face in the cloud?
Relax, Apple says. Your face isn’t leaving your device.
The iPhone X will store representations of your face in its “secure enclave,” a hardware-based enclosure designed to be resistant to spying and tampering. The phone-based neural net processing means the image representations never have to go anywhere.
The iPhone X allows does allow third-party apps to let you sign in via Face ID, but these outside developers only receive notifications from Apple that you’ve been authenticated or not. Other apps “can’t access Face ID or the data associated with the enrolled face,” the company said in its security white paper.
The only time your images can leave the phone is when you call Apple’s support service, AppleCare. If you’re having trouble with Face ID, you can select which images you want to send for diagnostics, the company said.
Can a border guard/jealous spouse/traffic cop unlock my phone by pointing it at me?
Maybe — although Face ID only works if you’re looking at it. So turning away is one emergency measure you could take.
Apple has also provided a panic button feature. Simultaneously squeeze the iPhone X’s power button and either volume button for two seconds, and it will temporarily disable Face ID by turning the phone off. Just as with Touch ID, the phone requires a passcode after a restart. The process essentially turns your phone into a brick for anyone who doesn’t know your passcode.
Suppose I shave my head or grow a beard? Will my phone still know me?
Apple says its algorithms learn to adapt to appearance changes over time. The system keeps recent images and uses them to allow unlocking if they are close enough to the registered image.
But if you undergo a sudden changes in appearance — like shaving a beard, for instance — the phone will only add the new image to its library if you follow a failed Face ID attempt by immediately entering your passcode.