Apple said she would share with us more details on how the face recognition system works on iPhone X and kept her promise.
The company has released a document titled 'Face ID Security' detailing how the technology works, authentication, data protection, and keeping you safe.
Face ID vs Touch ID
FaceID is not just a system that compares a flat image of your face to others. Instead, it uses a new TrueDepth camera with various sensors that read the geometry of your face.
The odds of another person being able to unlock your device with Face ID is one in a million. With Touch ID, the probability is one in 50,000.
The document says it is likely that the system will not distinguish between you and your identical twin, as well as children under the age of 13, because “they may not yet have developed unique facial features.”
Face ID and security
This is how the TrueDepth camera works:
When she sees a face in the frame, the TrueDepth camera projects and reads over 30,000 infrared dots, from which it forms a 3D model of your face, as well as its 2D infrared image. After that, the model with the image is combined and sent to the Secure Enclave.
The neural system of the A11 Bionic processor, protected by Secure Enclave technology, transforms the received data into a mathematical model and compares it with a person authorized on the device.
The following Face ID data is encrypted in Secure Enclave:
- Infrared images of your face used for authentication.
- The mathematical model of your face used for authentication.
- Stored mathematical models of your face that are used to improve the performance of the technology.
This data does not leave your device. Face recognition takes place in the Secure Enclave using neural networks designed specifically for this purpose.
Neural networks can be updated
The neural networks used by Face ID can update over time.
To prevent the user from having to re-register their face after the neural network changes, iPhone X will automatically run the saved images through them.
The images are not only encrypted and secured in the Secure Enclave, but they are cropped so that only your face is visible without the background.
The facial images used to unlock the phone are not saved, but are immediately deleted after obtaining the mathematical model.
Attention Awareness function
Instead of constantly scanning your surroundings, the TrueDepth camera only activates when you:
- Pick up your phone or touch the screen.
- Click on the notification on the locked screen.
- You are using an app that asks for Face ID authentication.
By default, the phone will unlock when the TrueDepth camera recognizes your face and sees that your eyes are open and looking at it.
You can turn off the 'attention awareness' function and be able to unlock your phone without even looking at it. However, this will significantly reduce your safety.
Face ID Review: Setup, Operation, Security, Privacy & Vulnerabilities
Attention awareness is disabled when VoiceOver is activated.
Hats, glasses, and more
Face ID can be used indoors, outdoors, and even in total darkness. The technology works with:
- hats
- scarves
- glasses
- contact lenses
- sunglasses
The neural network of the A11 Bionic processor has been trained so that it cannot be fooled by a photograph or a mask of your face.
Natural face changes
In order to improve its work and recognize the natural changes in your face, Face ID stores its mathematical models. After each successful unlock, the system saves the received model, and then, based on it, improves the process of subsequent unlocks. Over time, old data is erased.
If Face ID cannot recognize your face, although its compatibility is higher than usual, and after that you enter the password, then:
Face ID reads the face again and creates a new mathematical model. This model will eventually be removed if subsequent attempts do not match it.
Apple says that in this way the system adapts to 'significant changes in your appearance like a new hairstyle or unusual makeup'.
Face ID and passwords
As with Touch ID, you will be prompted for a password in the following cases:
- After turning on or restarting the device.
- If the device has not been unlocked for more than 48 hours.
- The password has not been used for over 156 hours (6 and a half days), and Face ID has not been used in the last four hours.
- The device has been remotely locked.
- After five unsuccessful attempts at face recognition.
- After shutdown or emergency call.
Face ID won't replace your password, but it will provide quick and easy access to your iPhone X.
According to the company, having a password is very important because “a good password is the foundation of your device's cryptographic protection.”
Face ID and third-party apps
If the application supports Touch ID, then it will automatically work with Face ID even without updating.
As with Touch ID, apps only receive confirmation of successful authentication. You can also use a password for additional protection in third-party applications.
Face ID and Apple Pay
In addition to unlocking your device, Face ID is used to:
- Online shopping and payments Apple Pay.
- ITunes Stores, App Streaming and iBooks Store purchases.
- Authorization in applications that worked with Touch ID.
To make a payment Apple Pay, you need:
- Press the side button twice.
- Log in with Face ID.
- Bring iPhone X to the payment receiver.
Face ID and diagnostic data
The only case in which your face data will leave your phone is if you provide it to Apple Care yourself.
This will only happen at your request.
Here's how Face ID Diagnostics works:
Your registered face will be erased and you will need to set up Face ID again. iPhone X will record the unlock data for the next seven days. After that, images will no longer be saved.
Face ID data will not be automatically sent Apple. You will be able to preview them before shipping.
Only images you approved will be transferred to the company, the rest will be deleted. Once images have been transferred, they will all be automatically deleted from your device.
If you choose not to send your details, Face ID Diagnostics will automatically end after 90 days and all images will be deleted.