When the Pixel 4 ships this week, it will be releasing to consumers with a face-unlock security issue that will apparently stick around for some time. Unlike the iPhone’s FaceID (and Google’s earlier face-unlock system on Android 4.1), the Pixel 4’s face unlock doesn’t look for the user’s eyes, so the phone could be pointed at a sleeping or unconscious owner and unlocked without their consent.
This weekend, Google said in a statement that a fix “will be delivered in a software update in the coming months.”
The Pixel 4 was announced last week, and instead of including a fingerprint reader like most Android phones do, the Pixel 4 features Google’s newly developed face-unlock system as the only biometric option. Google is clearly chasing the iPhone here, and the Pixel 4’s face unlock works just like Apple’s Face ID system: an IR dot projector blasts a grid of invisible dots onto the user’s face, and a camera (a pair of cameras, in the case of the Pixel 4) reads the user’s face in 3D.
As part of the many pre-release Pixel 4 leaks, screenshots of pre-release builds of the Pixel 4’s software showed an option to “require eyes to be open.” So we know Google hasn’t been completely blindsided by this problem; the fix just wasn’t ready in time for launch. Here’s Google’s full statement on the issue:
We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months. In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock. Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps. It is resilient against invalid unlock attempts via other means, like with masks.