Pixel 4 Face Unlock to (Eventually) Require Open Eyes

Paul Thurrott
Oct 21, 2019
27

I was a bit surprised by how willing the tech press was to believe that Google’s Pixel 4 Face Unlock is somehow as secure as Face ID. That’s not true now. And it’s not true until independent third-party security experts assess the feature.

But one controversy at a time. Let’s address the “now” part, since very few people, an no security experts, have a Pixel 4 at this time.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

Last week, a Google support document invited the unwelcome possibility that someone else could unlock their phone simply by holding it in front of the user’s sleeping face. At the time, Google seemed a bit surprised by the concern, which it should have anticipated. And when asked about the problem, it simply said that the feature was designed to get better over time and would.

Still, the bloggers and influencers who were invited to the Pixel 4 launch event almost universally cited as fact that Face Unlock was somehow as secure as Apple’s Face ID feature, which has been proven in the real world and has materially improved over time, especially in performance.

Fortunately, the outcry from potential customers triggered a more substantive reply from Google.

“We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months,” a Google statement explains. “In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a PIN, pattern, or password for the next unlock. Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against invalid unlock attempts via other means, like with masks.”

According to Google, Face Unlock “creates a model of your face, and that model is stored in Pixel’s security chip on the device.” But the trouble comes in the details, as Google also notes that “Looking at your phone can unlock it even when you don’t intend to. Your phone can be unlocked by someone who looks a lot like you, like an identical sibling. [And] your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed.”

That last line, of course, triggered the current and avoidable controversy.

Tagged with

Please check our Community Guidelines before commenting

Conversation 27 comments

wright_is
Premium Member
21 October, 2019 - 8:39 am

Leo on TWiT on Sunday held his hand before his guest's eyes as she tried to unlock her Pixel 4, even with his hand in front of her face it unlocked… I only heard it on the podcast this morning on the way to work, I haven't seen the video of the incident.

Log in to Reply

torsampo

21 October, 2019 - 9:42 am

<blockquote><a href="#482329">In reply to wright_is:</a></blockquote>I saw the segment on Twit. Flo held the phone up to her face (it unlocked very quickly). She continued to hold the phone up to her face while Leo put his hand over her eyes. She appeared to hit the power button then immediately declared it was unlocked. It was not a clear that the phone was actually re-locked because she never took the phone awary from her face. Also, the angle of the phone was low enough and Leo's hand far enough from her face that it maybe still saw enough of her face to unlock even it was locked (as I understand Pixel face unlock is generous with angles). I don't have a Pixel 4 so can't test myself, but I would not use the bit on Twit as a measure- it was chaotic and haphazard and not an actual test of anything.

Log in to Reply

wolters
Premium Member
21 October, 2019 - 9:57 am

<blockquote><a href="#482349">In reply to torsampo:</a></blockquote>I'm not a fan of Flo at all but like you, will see how the upcoming real world reviews show this happening (or not happening)…I look forward to Paul's trusted review. 

Log in to Reply

torsampo

22 October, 2019 - 4:01 pm

<blockquote><a href="#482329">In reply to wright_is:</a></blockquote>My Pixel 4 arrived today and it does not unlock if i cover my eyes with my hand.

Log in to Reply

torsampo

21 October, 2019 - 8:40 am

I can't believe how many people – ahem, excuse me, tech pundits – are up in arms about this. Phone security is important and it's nice to see users will eventually get a choice in this matters. However, if someone is opening your phone while you sleep or trying to unlock your phone when you don't have possession of it (by the authorities, bad actors, etc) then you have much bigger problems. Trust issues with friends/spouses, legal issues, issues of physical threat- all of these seem to supersede "oh no you might get on to my phone". If locking down your phone is such an important issue to you, then don't rely on biometrics of any kind from any phone producer. 

Log in to Reply

wright_is
Premium Member
21 October, 2019 - 9:03 am

<blockquote><a href="#482330">In reply to torsampo:</a></blockquote>At the end of the day, biometrics aren't security, they are identity. If you want real security, use biometrics + a security method, like password, PIN, pattern, smartcard etc.

Log in to Reply
Jeffsters

21 October, 2019 - 1:47 pm

<blockquote><a href="#482330">In reply to torsampo:</a></blockquote>My how our opinions on technology evolve depending upon platform. What was it you said about FaceID a year ago? 

Log in to Reply

torsampo

21 October, 2019 - 3:18 pm

<blockquote><a href="#482428">In reply to Jeffsters:</a></blockquote>You really need to settle down. I said I could envision it being a danger while driving a car and I questioned the wisdom of removing a proven biometric to be replaced with a version one biometric. Nothing I have said here contradicts that. If Google had announced Face Unlock 2 years ago and had removed the fingerprint reader I would have been just as skeptical, but this tech has had at least 2 years to mature so I no longer see it as an issue. And yes my opinion on face-based biometrics has evolved..but based on time and development not on platform. That should be obvious. You are just looking for a fight.

Log in to Reply

Jeffsters

21 October, 2019 - 3:31 pm

<blockquote><a href="#482451">In reply to torsampo:</a></blockquote>No just calling out hypocrisy when I see it! You joined in with the FaceID detractors adding fuel to the fire. You look for fault on one while while now making excuses for the other. No fight just offering a reflective moment. 

Log in to Reply

torsampo

21 October, 2019 - 4:59 pm

<blockquote><a href="#482454">In reply to Jeffsters:</a></blockquote>In what way am I being hypocritical? I wasn't randomly spitting bile at Apple and FaceID. I was voicing a specific concerns about car use and dropping the fingerprint too early. It is not hypocritical to have reservations about being confined to a relatively new tech to unlock your phone and then TWO YEARS later to comment on a new iteration of that technology and whether some possible defect in the new iteration is important or not. One has nothing to do with the other. If I had said "this new face unlock is in no way dangerous while driving because its being made by Google" then you can call me a hypocrite. The fact is I still have some concerns about car use but Android's smart lock pairing with my car's bluetooth hopefully mitigates that with the Pixel 4. I won't know until I try it. Note that two years ago, I pointed out that if iOS had a similar feature it would make my concern moot. At the time I don't recall if anyone confirmed if this was something the iPhone could do (and I still don't know). This is a problem with discourse these days. Too frequently unless your opinion is 100% in line with your side's dogma then you are a traitor, hypocrite and enemy. Most argument and discussion deserves more a more nuanced reading than that.

Log in to Reply

Vladimir Carli
Premium Member
21 October, 2019 - 6:24 pm

<blockquote><a href="#482330">In reply to torsampo:</a></blockquote> I hope you are joking, or maybe you just live alone. This is a major design flaw. Any parent I know with teenage kids doesn’t want them to access their phone just waving it in front of them while they sleep

Log in to Reply

SvenJ

21 October, 2019 - 7:04 pm

<blockquote><a href="#482478">In reply to Vladimir:</a> Really. All the teenagers where you live have that little integrity. </blockquote> 

Log in to Reply
torsampo

21 October, 2019 - 8:57 pm

<blockquote><a href="#482478">In reply to Vladimir:</a></blockquote>It is I who hope you are joking. I have two teenage kids and if I suspected that they would even consider breaking into my phone (for god knows what purpose) by sneaking up on me while i slept then I have much much bigger problems than a missing feature from face unlock. That's a pretty sad comment. I think the option should be there, perhaps even should have been there at launch but if you need it because you don't trust your own kids for even that little bit…I don't know of any parent in my circle of friends who would feel otherwise. If security is that important, even in your own home, then don't use biometrics on a Pixel or an iPhone.

Log in to Reply

Daekar

21 October, 2019 - 8:55 am

They're going to release the OPTION for the requirement that your eyes be open? Seriously?Google, this is the crap that drives me up the wall and makes me want to buy an iPhone. Just own up to the fact that you overlooked that problem and fix it.

Log in to Reply

yoshi
Premium Member
21 October, 2019 - 10:57 am

<blockquote><a href="#482333">In reply to Daekar:</a></blockquote>To be fair, it's also an option on iPhone. It's just turned on by default.

Log in to Reply

Jeffsters

21 October, 2019 - 1:35 pm

<blockquote><a href="#482367">In reply to yoshi:</a></blockquote>To be fair? Apple’s version works! The option to turn it off is for some outlier cases such as those who may have physical disabilities or, like my brother, facial deformities. How about if this has been Apple? This place would be burning with self-righteousness and Apple haters bashing. Fair? Here? Please!

Log in to Reply

yoshi
Premium Member
21 October, 2019 - 1:47 pm

<blockquote><a href="#482426">In reply to Jeffsters:</a></blockquote>What? Daekar is complaining that it will be an option on the Pixel. That's all I was replying to. That it's also an option on iPhone.

Log in to Reply

BrianEricFord

21 October, 2019 - 2:38 pm

<blockquote><a href="#482427">In reply to yoshi:</a></blockquote> The distinction is opt-out option and opt-in option. The former (Apple’s implementation) is better for security while the latter is where Google is going — AFTER stupidly not even providing either option.

Log in to Reply

jgraebner
Premium Member
21 October, 2019 - 7:09 pm

<blockquote><a href="#482434">In reply to BrianEricFord:</a></blockquote>The various leaks showed this option, so I suspect it had a serious bug that Google didn't manage to fix before launch. They should have gotten ahead of this one by owning up the issue immediately, but I strongly suspect this will be fixed pretty quickly and that it will be the default setting once it is.

Log in to Reply

dcdevito

21 October, 2019 - 10:15 am

Nothing Google delivers after the fact has ever been fully corrected or adjusted, based on personal experience. I bet this never gets fully solved. With Google the real fix is in the next phone. 

Log in to Reply
Winner

21 October, 2019 - 2:21 pm

Gee, perhaps a fingerprint sensor is a better idea.

Log in to Reply

BrianEricFord

21 October, 2019 - 2:39 pm

<blockquote><a href="#482432">In reply to Winner:</a></blockquote> why? A fingerprint sensor has the same glaring weakness except that you can’t shut off your fingerprint like you can your attention.

Log in to Reply

Winner

21 October, 2019 - 4:07 pm

<blockquote><a href="#482435">In reply to BrianEricFord:</a></blockquote>I was just thinking that if you held a phone where it could see a face with closed eyes (the Pixel "weakness", you could certainly hold a stolen iPhone where it pointed at a face with open eyes. The FP sensor requires actual physical contact. But of course that can be done in an undesired way, too.

Log in to Reply

madthinus
Premium Member
21 October, 2019 - 3:00 pm

Hey, at least Google is consistant: They gave the same care for your privacy as they do in all of their products in this one. 

Log in to Reply
nicholas_kathrein

21 October, 2019 - 5:05 pm

So lets go to the marketing meeting where they decided to do this. I know Apple has the same meetings because their marketing teams actually have a huge part in picking features of new hardware and software. Marketing says " You now have something like face id?"Engineer says " Yup!" Marketing says "Anything that I should know about anything that could make people not like it?"Engineer says " Well its really fast and maybe faster than Apple's but only if we don't look for peoples eyes open." Marketing says "Why is that?"Engineer says " Well if your not looking for eyes then it will unlock at more angles and more quickly. It's still as secure as Apple's if you turn their check off for eyes off." Marketing says "Ok, we'll release it without that feature. If we are lucky everyone gets impressed by how fast it open and by the time this is brought up will just say that feature is coming." 

Log in to Reply
DaddyBrownJr

22 October, 2019 - 3:33 pm

OMG. Someone can unlock my Pixel XL using the fingerprint reader while I'm asleep!

Log in to Reply
harris0n

24 October, 2019 - 4:30 pm

Fingerprints also work when you're asleep.

Log in to Reply

About author

Paul Thurrott

Paul Thurrott is an award-winning technology journalist and blogger with over 25 years of industry experience and the author of 30 books. He is the owner of Thurrott.com and the host of three tech podcasts: Windows Weekly with Leo Laporte and Richard Campbell, Hands-On Windows, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows from 1999 to 2014 and the Major Domo of Thurrott.com while at BWW Media Group from 2015 to 2023. You can reach Paul via email, Twitter or Mastodon.

View Articles

Currently on Forums
Visit the forums
- My Surface Journey
  Posted by Greg Edwards
  
  3
  comments
- Does this APU make sense? A possible PS5 to RTX 4060TI for laptop (NPU = 60 TOPS)
  Posted by Sarah Duguay
  
  2
  comments
- Web Apps vs. Store Apps
  Posted by Greg Edwards
  
  11
  comments
- [CLOSED] Ask Paul for Friday, April 26
  Posted by Paul Thurrott
  
  10
  comments
Podcasts
Podcast Hub
- The Sams Report: The Important Microsoft Numbers
  
  Aired on April 26, 2024 by Brad Sams with 0 Comments
- First Ring Daily 1591: Big Numbers
  
  Aired on April 26, 2024 by Brad Sams with 0 Comments
- Windows Weekly 878: If You Build It, You Are Dumb
  
  Aired on April 25, 2024 by Paul Thurrott with 1 Comment
- NEW A.I. Features Unleashed in Microsoft Teams and Edge
  
  Aired on April 25, 2024 by Russell Smith with 0 Comments
Join the crowd where the love of tech is real - become a Thurrott Premium Member today!

Explore Premium Benefits

Pixel 4 Face Unlock to (Eventually) Require Open Eyes

Windows Intelligence In Your Inbox

Tagged with

Share post

Conversation 27 comments

My Surface Journey

Does this APU make sense? A possible PS5 to RTX 4060TI for laptop (NPU = 60 TOPS)

Web Apps vs. Store Apps

[CLOSED] Ask Paul for Friday, April 26

The Sams Report: The Important Microsoft Numbers

First Ring Daily 1591: Big Numbers

Windows Weekly 878: If You Build It, You Are Dumb

NEW A.I. Features Unleashed in Microsoft Teams and Edge

Windows Intelligence In Your Inbox

Sections

About Thurrott

Contact

Our Other Sites

Subscribe