The new Pixel 4 duo relies on Google’s proprietary facial scanning system for unlocking the phone. These smartphones are the first pixel phones to ditch the fingerprint sensor completely. However, there’s a major security problem with the face unlock system.
For other phones with face unlock (including iPhone), if you’re not looking at the phone with your eyes open, it can’t be unlocked. This prevents other people from unlocking your phone while you’re asleep, for example.
Not in this case, Pixel 4 can be unlocked even if your eyes are closed, which makes it vulnerable to theft or a security breach. This massive flaw can pose a huge security threat and has resulted in skepticism from a number of users including BBC’s Chris Fox.
Google, without promising a software fix, initially responded by saying,
Your phone can also be unlocked by someone else if it’s held up to your face, even if your eyes are closed. Keep your phone in a safe place, like your front pocket or handbag. We don’t have anything specific to announce regarding future features or timing, but like most of our products, this feature is designed to get better over time with future software updates.
However, in a recent statement, the company has said that it is working on a software fix.
The full statement reads,
We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months. In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock. Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against invalid unlock attempts via other means, like with masks.
Google Pixel 4 already has a ‘screen attention’ feature which prevents the screen from turning off when you are looking at it. The company only needs to make it work for unlocking the phone as well.