Botched Android Biometric Authentication Systems
Last week’s headlines were an exercise in illustrating just how far ahead of the competition Apple is in some areas, as the BBC revealed that incredible security issues exist for Google’s and Samsung’s latest flagship devices.
Google’s new Pixel 4 has a facial recognition system which they’ve made a point of touting is the only one, besides Apple’s Face ID, that is secure enough to be used for sensitive authentications, such as authorizing payments. Unfortunately, their facial recognition system doesn’t really meet that standard, because it works even with your eyes closed, as opposed to Apple’s Face ID, which not only requires your eyes to be open, but also for your eyeballs to be aimed at your device. Google admits that, in theory and in practice, this would allow a third party to unlock your device by holding it up to your face while you’re sleeping or otherwise unconscious.
Samsung, on the other hand, was trying to look cool by making an in-display, ultrasonic fingerprint scanner, which does sound pretty cool, except that it doesn’t work. Not that it won’t recognize your finger, it’s just that it WILL accept anyone’s finger if the device has a cheap plastic screen protector on it; such screen protectors are, unfortunately, ridiculously common.
Can you imagine if Apple shipped a device with a security feature that could be fooled by any finger in the world and a cheap piece of plastic? In Samsung’s and Google’s defense, both companies have announced that they intend to release software patches to address these issues in the coming weeks, but it’s astonishing that they shipped them in the first place. It’s a good thing Android has a reputation for having such a high percentage* of users on their most recent software versions.