Ever since that fateful Face ID demo during the iPhone X unveil, Apple hasn’t really given us more details on how its new authentication system works. Developers and users have had questions about reliability and implementation, so in classic Apple style, we’ve got the answers two weeks late, in a quietly-released support document and technical white paper.
The paper, titled “Face ID Security,” has every detail you want about how Face ID works compared to Touch ID.
In most respects, Face ID operates just like Touch ID. Apple emphasizes that neither system replaces a passcode; instead, the convenient access system makes a more complex passcode more usable, because you have to enter it less frequently.
There’s still a list of times you’re always going to have to enter your passcode, though. Apple says it will be required in the following circumstances:
• The device has just been turned on or restarted.
• The device hasn’t been unlocked for more than 48 hours.
• The passcode hasn’t been used to unlock the device in the last 156 hours
(six and a half days) and Face ID has not unlocked the device in the last
4 hours.
• The device has received a remote lock command.
• After five unsuccessful attempts to match a face.
• After initiating power off/Emergency SOS by pressing and holding either
volume button and the side button simultaneously for 2 seconds.
According to Apple’s research, the chances of a false match are 1 in 1,000,000, as opposed to 1 in 50,000 for Touch ID. However, the probability of a false match is higher ” for twins and siblings
that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed.”
As Apple explained before, Face ID uses an infrared depth sensor, which projects and tracks 30,000 infrared dots to form a “depth map” of your face. That data is then combined with 2D infrared images, and analyzed by the processor for a match.
That’s radically different to the kind of facial recognition used by Android phones in the past. That system relied on the front-facing selfie camera alone, which is why it could be easily fooled by photos or print-outs, and easily confused by sunglasses.
Just like Touch ID, Apple stresses that all the identifying information for Face ID is encrypted and held on the phone’s “Secure Enclave” chip. It’s not sent to Apple — where it would be liable to be subpoenaed by government agencies — or otherwise transmitted. If you were happy trusting your fingerprint to Touch ID, you shouldn’t have any problems giving your face to Face ID.