FaceID

Alan_the_coder

Hi,
Why does GrapheneOS have not FaceID available?
I saw here and there that it can be considered insecure. This is something I don't really understand (I don't know all the technical reasons behind this).
Why can't we have the same functionality as TouchID, ie FaceID + PIN number?
My issue is shouldersurfing (children at home, or security cameras anywhere else), and I thought FaceID or TouchID would reduce the risk associated with it.
I understand some consider unsafe to replace a PIN code with FID or TID, but adding both methods (FID or TID + PIN) would be safer than only one in my opinion.
I know that you guys recently the TID+PIN functionality (which is great BTW), but why not FaceID+PIN?

For me, TouchID and FaceID can be a good replacement for a username, but definitely not for a password : FaceID = username and PIN = password

Am I saying something wrong?

other8026

Alan_the_coder Found this comment on the issue tracker: https://github.com/GrapheneOS/os-issue-tracker/issues/1746#issuecomment-1330074466.

I don't know the details about the newer devices, but I guess they also don't have the necessary hardware to make Face Unlock secure.

area51

Alan_the_coder
as regards shoulder surfing pin numbers. That is easily remedied. Memorable to you, obviosly, but sufficiently long enough to confuse watchers, especially when used on a scrambled pin pad. A long pin.
Humans in general are not capable of memorising at speed, at a random time, without preperation and/or notice to do so, a sufficently long set of digits, especially on a random ever changing scrambled pin pad.

Fay_Wilmont

Alan_the_coder FYI: there's no Face ID or Touch ID on Android, these are fancy Apple names for biometric authentication using the face or fingerprints.

area51 as regards shoulder surfing pin numbers. That is easily remedied. A long pin. Memorable to you, obviosly, but sufficiently long enough to confuse watchers, especially when used on a scrambled pin pad.

This does not protect against shoulder surfing by security cameras (which OP mentioned explicitly), whose footage can be enhanced if needed and replayed endlessly.

NetRunner88

Face unlock is image based, it's is unreliable AF and can be unlocked with a simple photo

Alan_the_coder

Thanks, I would prefer faceID + PIN, but for now I will be using scrambled pin pad.
The only issue with this solution is that I am quite slow to enter my pin (normal)...

oci3o

Pixel "face ID" doesn't work the same way as Apples FaceID, its not as secure either.

On stock OS, I believe it uses Google play services to work, Pixels also dont have the extra hardware required compared to FaceID.

phone-company

Face Unlock will never be safe and secure!

Vomitorius

If this type of facial unlock is so unreliable, why GOS left ability to set 'none' as phone unlock option?

other8026

Vomitorius I don't know the actual reason. Not sure if you'd get the same answer from someone else or not, but I'm thinking the reason is nobody would ever think that "none" is secure. It's pretty obvious.

It might be less obvious that other unlock methods are insecure.

de0u

Vomitorius If this type of facial unlock is so unreliable, why GOS left ability to set 'none' as phone unlock option?

I think it is clear to most people that "none" is not secure. But I think many people assume that face unlock is secure if it is available.

Meanwhile, I believe as a practical matter that Google does not contribute face-unlock code to AOSP. If that is accurate then it is unsurprising if the GrapheneOS project does not implement and maintain such code.

Vomitorius

other8026 that is what I mean - they remove facial unlock, as insecure, but leave 'none'. The photo based unlock is a Fort Knox in comparison with NONE.
I, as user, prefer to decide myself which method to use - we are in GOS not in Apple, you know.
If they leave 'none' as option, they should leave facial as well. They are both insecure.
Or remove both.

phone-company

Vomitorius

With “none” everyone knows that there is no security. With “faceunlock”, security is conveyed that does not exist. You can be forced to unlock or the device can be held in front of your face. This is now legal almost everywhere in the EU. Therefore, “faceunlock” does not meet the security standard. My opinion :)

Vomitorius

de0u GOS has most strict position on security, there should be no room for 'assuming' 🙂

de0u

Alan_the_coder I still believe that Unsecure Face Unlock + N-digits PIN code is more secure than only N-digits PIN code. Can't we force a user who chose Face Unlock to also setup a PIN code?

Again (de0u), as long as there is no face-unlock implementation in AOSP, there isn't a "Face Unlock" that users could possibly choose. Unless perhaps somebody contributes a proposed implementation.

KleinesSinchen

Allowing face unlock without sensors designed for this provides a false sense of security. A camera can be easily fooled with masks or in worst case with a photo.

If one is testing something and frequently switches profiles or reboots multiple times there might be a reason to have no screen lock (temporarily).

Similar argumentation regarding the pattern unlock method can be found in these threads:
https://discuss.grapheneos.org/d/2477-pattern-lock-considered-insecure-but-swipe-lock-or-none-lock-allowed
https://discuss.grapheneos.org/d/16393-maybe-re-instate-pattern-unlock

Vomitorius

phone-company there is insecure method in most secure system, my opinion :}

Alan_the_coder

Entering 1234 as a PIN code is also unsecure...
I still believe that Unsecure Face Unlock + N-digits PIN code is more secure than only N-digits PIN code. Can't we force a user who chose Face Unlock to also setup a PIN code?
There is something similar for Finger Unlock but the PIN code is not mandatory.

Alan_the_coder

de0u you're right, unfortunately this is the only option (developing face unlock in house)

NetRunner88

Face and Finger print are a Who (user) at a minimum, should not be used as a "password" in any case

Alan_the_coder

NetRunner88 yes, also we can change a password but not our fingerprint or our face!