This week when Apple announced Face ID on the iPhone X I think they raised a lot of questions about the security of this technology. In the Mac Geek Gab Facebook group, someone asked an interesting question. They asked whether Face ID would work if someone had one eye that focused straight ahead and the other eye at a different angle.
That got me to thinking, what about blind people who often keep their eyes closed? I pinged Shelly Brisbin, author of the book iOS Access for All to see if she knew anything. She sent me a link to a blog post by Jonathan Mosen on his blog called Mosen Consulting: Face ID Accessibility. Apple offers some answers.In the article Jonathan explains that he had the same question and expanded it to include those with prosthetic eyes. He decided to reach out to Apple to ask how the requirement for “attention” by looking at the iPhone X would work for the blind. He got this response:
The iPhone X has been designed with a number of accessibility features to support its use.
For VoiceOver users, Face ID will prompt you as to how to move your head during set up in order to complete a scan. If you do not want Face ID to require attention, you can open Settings > General > Accessibility, and disable Require Attention for Face ID. This is automatically disabled if you enable VoiceOver during initial setup.
I thought that was swell, and posted it back to the Mac Geek Gab Facebook thread and someone pointed out that this makes the blind less secure.
I figured it was time to bring Bart into the conversation to chat about this and the other aspects of what we know about Face ID.
- Phil said on stage while the chances of someone having a fingerprint close enough to yours was 1 in 50,000, the chances of a face spoofing yours was 1 in 1,000,000.
- During the live demo of Face ID, it looked like it failed when Craig tried to use it the first time. In reality, it worked exactly as designed. From Technobuffalo: Face ID didn’t actually fail on the iPhone X. An Apple spokesperson provided this explanation:
People were handling the device for stage demo ahead of time and didn’t realize Face ID was trying to authenticate their face. After failing a number of times, because they weren’t Craig, the iPhone did what it was designed to do, which was require his passcode. Face ID worked as it was designed to.
- Keight Krimbel asked Craig a few questions about Face ID and he got answers: Craig Federighi answers an email, gives us some deets on FaceID
- iMore has done their usual terrific job of explaining everything you need to know about Face ID in this article by Lory Gil: Face ID: Everything you need to know! | iMore
- Ars Technica has an article about privacy and Face ID the implications from a privacy perspective and the law: What you should know about privacy and Apple’s FaceID on iOS 11 | Ars Technica
Bart and I talk in the interview about the repercussions of not having Attention Services on for the blind. It doesn’t really make the phone less secure (it still needs to recognize your face) but it just doesn’t need you to be looking at it for it to wake up. I guess a blind person’s kid could unlock mommy’s phone if she was sleeping, but that’s about it.
We also talk about the feature that you can grip the side button and the down volume button to disable Face ID entirely. This would be handy going through border patrol or when pulled over by a police officer. It’s a non-obvious way of disabling the ability to log in without a passcode.
Considerably more detail than this is available in NosillaCast #645 for September 17, 2017.