Facial recognition in many phones not as secure as hoped

Strong biometric security on our mobile devices is something many of us take for granted. But facial recognition on some phones, including Samsung's new flagship, the Galaxy S10, appears to be less secure than on others.

A recent study of over 100 phones with facial recognition revealed many are easily fooled by simple workarounds.

Some LG, Sony, Huawei and cheaper Samsung devices were tricked into unlocking by a photo held up in front of the camera. However, other devices were not fooled, including the iPhone and last year's Samsung Galaxy S9. See the full list of tested phones here

Despite the Galaxy S9 not being fooled in the test, we're seeing several reports saying the S10 is vulnerable to the photo trick.

Samsung Galaxy S10 facial recognition is vulnerable

The Samsung Galaxy S10 has been shown to have less-than-desirable facial recognition. It has been seen to fail when someone simply holds up an image of a person (see video).


Samsung Galaxy S10 Fingerprint Sensor

While the facial recognition flaw may appear damning, Samsung has retained a fingerprint reader in its flagship Galaxy phone, unlike the iPhone, which dropped the fingerprint reader when it changed to Face ID with the iPhone X.

Many Android phone-makers have typically included both facial recognition and fingerprint scanning.

Instead of the face unlock on the S10, websites like Android Central suggest using the in-screen fingerprint sensor. The sensor sits under the display, near the bottom of the screen, as seen in the image.

Apple Face ID appears more secure

Apple has broadly made privacy a core part of its products over the past 24 months. Face ID is a central part of its push.

Face ID and Touch ID data is stored in a dedicated area of the iPhone processor named the Secure Enclave. Apple explicitly says your Face ID or Touch ID data remains solely in the Secure Enclave. It does not leave the device, does not go to iCloud, and is not accessible by Apple.

Apple says there is a 1-in-a-million chance that a random person can unlock an iPhone using Face ID. Face ID is disabled if it does not recognise the user within five attempts. 

Compare this to a 1-in-50,000 chance of Touch ID being randomly compromised, or 1-in-10,000 chance of a 4-digit passcode being randomly compromised. 

What should you do?

Awareness is the first step in better security for mobile, and you're already working on this step.

The second is researching the history of your phone model and finding out whether it may be vulnerable, like the Galaxy S10, then choosing a security method that is acceptable to you. If you're not satisfied with biometric security, passcodes can be highly secure. As with any password, length and character diversity will improve passcode strength; aim for 9+ characters with a mix of numbers and letters.

Finally, it is also useful to be aware of how to track, lock and erase your phone in the event it is lost or stolen. Most phone makers have a software option to remotely lock or erase your phone. 


Remember, security is relative. Acceptable risk is determined by you and how much value you place on the data stored in your phone. Weigh up your priorities, consider if sensitive personal, financial or work information is stored on your phone, and choose the security method you think appropriate. 
