As it turns out, Google Pixel 4 smartphones have a major security loophole. The Face Unlock feature in the new Pixel 4 and Pixel 4 XL phones isn’t as secure as one would imagine it to be. And the funniest part is, Google are themselves admitting to the issue, in their own support documentation for this feature. After all the hype and excitement about the new Project Soli radar chip in the new Pixel 4 phones which are involved in the working of pretty much everything including gesture controls and biometric authentication, this is surely an uncomfortable development for most potential Pixel 4 buyers. Unauthorized access into a Pixel 4 phone is very much a constant concern now, at least for those who will buy one.
The issue at hand is about three guidelines that Google has published regarding the working of the Pixel 4 phones (You can read those here). The first reads, “Looking at your phone can unlock it even when you don’t intend to.” This could be a direct result of the new gesture controls that have the (or at least claim to) ability to pre-empt when you may want to use your phone and unlock the device as they see your hand approaching it.
The second guidance reads, “Your phone can be unlocked by someone who looks a lot like you, like an identical sibling.” Wait, what?
However, that is not the end of the saga. There is a follow-up guidance which says, “Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag.” Oh wait, hang on a minute—do consumers not mean much to you, Google?
Really, what sort of biometric system is in place that allows pretty much anyone to unlock your phone by either holding it up to your face (well, most of us don’t sleep with one eye open) or by someone who looks like you (annoying siblings, with the operative word being annoying). Look, we haven’t used the Pixel 4 phones yet, because they aren’t landing in India anytime soon, but this sort of official advisory doesn’t really exude much confidence in terms of how secure this thing is.
Remember, the Pixel 4 phones do not have a fingerprint sensor. So its either face recognition or you have to punch in your password every time you want to unlock your phone. Well, 2010 called and it wants its screen lock back.
Google developed its own face unlock system for the Pixel 4 and 4 XL phones and says that all those fancy new sensors sitting in the bezel above the screen are pitching in with the smartness. Though Google never said it, but many believed (clearly wrongly so) that this would be similar to the Face ID feature in the Apple iPhone line-up. What Google does believe is that face unlock as a method can be secure enough to be the authentication method across Android and its wide world of apps. Imagine someone making an unauthorized payment via Google Pay when you weren’t noticing.
BBC News reporter Chris Fox did some further tests with the Pixel 4 device they have, and the results showed that the phone was successfully unlocked by face recognition even if the actual owner of the phone pretended to be asleep. Some of the many millions of leaked images of the Pixel 4 that were doing rounds before of the official launch did show a setting called "Require eyes to be open," in the settings menu for face unlock. However, Fox says this particular option is not present on the devices they are using right now. Google has reportedly confirmed that this will not be a feature on phones that go on sale later this month.
For the moment, Google has a rather complex workaround if you don’t want someone to access your Pixel 4 phone while you are sleeping, or just because they have an uncanny resemblance with you. This is called Lockdown. To enable this Lockdown option, you need to head to Settings -> Display -> Advance -> Lock screen display -> Turn on Show lockdown option. Now, the Lockdown option will show in the menu that pops up when you press the power button. To use it, you need to select Lockdown from that menu. Google says, “Lockdown will only work until you unlock your phone. If you want keep using lockdown, turn it on each time you want to use it.”
This is perhaps a good example of how complicating things breaks the simplicity of it all. And surely it will take some effort to justify how this is a good thing.