How Apple’s Face ID works, learns, and protects

Apple has unveiled a new version of its privacy page and a paper throwing more light on how Face ID, its newest biometric authentication option, works on iPhone X (“Ten”).

The former places even more importance on security and privacy features and policies, something that Apple is becoming even more vocal about than before. It’s abundantly clear that Apple believes those things are increasingly becoming an important selling point.

Releasing the latter is a wise decision, and should help users feel more comfortable using Face ID and more likely to use it. After all, it will be the only biometric authentication option on that phone – the Touch ID fingerprint sensor has been removed.

More on Face ID security

The paper delineates many interesting things about Face ID.

For example: It will unlock devices only if it can “confirm attention”, i.e. the user must be looking directly at the screen. The option will be disabled by default if VoiceOver is activated, and can be disabled separately, if the user wishes or needs it.

Face ID also can’t be set up without setting up a passcode. The device will fall back on requesting the passcode if:

• It has been turned on or restarted
• It hasn’t been unlocked for more than 48 hours
• The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID has not unlocked the device in the last 4 hours.
• It has received a remote lock command
• After five unsuccessful attempts to match a face
• After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds. This is a simple way to disable Face ID quickly and surreptitiously.

Face ID works in conjunction with two neural networks. One has been extensively trained to perform the facial matching required for it to work as intended, the other is trained to spot and resist spoofing defends against attempts to unlock the phone with photos or masks.

The former will not be stymied by hats, scarves, glasses, contact lenses, and sunglasses, as well as different lighting conditions (including total darkness). Face ID has a way to keep pace with natural changes (ageing, facial hair, makeup) by augmenting its stored mathematical representation of the users’ face.

Apparently, the probability that a random person will be able to unlock a user’s phone through Face ID is approximately 1 in a million (twins and siblings could have better luck). On the other hand, Face ID might not be the best option for children under the age of 13, as their distinct facial features may not have fully developed.

Apple is not collecting data

No specific information has been offered about how the anti-spoofing neural network works, but the company made sure to point out that using Face ID doesn’t mean that Apple will collect photos of users’ faces.

The photos taken during enrollment are not sent to Apple. They are used to create mathematical representations of the user’s face, and are saved only on the device.

“The neural networks may be updated over time. To avoid a user having to re-enroll to Face ID when these neural network changes are made, iPhone X will be able to automatically run stored enrollment images through the updated neural network,” the company noted.

“In addition to being encrypted and protected by the Secure Enclave, these enrollment images are cropped to your face, minimizing the amount of background information. Face images captured during normal unlock operations aren’t saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.”

Apple has made it so that users who want to send Face ID diagnostic data to AppleCare will have to explicitly confirm their wish to do so, and will be able to choose which data will be uploaded and which not. All that data will afterwards be deleted from the device.