Even premium Android phones can be unlocked with just a photo


While this may not come as a surprise to everyone—especially those who follow developments in tech forums—it remains an important issue that continues to raise concerns. Over the past few years, discussions have highlighted a critical vulnerability in some smartphones: the ability to unlock certain Android devices using nothing more than a simple 2D photograph printed on paper.

A survey conducted by Which? and widely circulated on social media found that several well-known smartphone brands—including Samsung Galaxy Series, Motorola, Xiaomi, Vivo, Honor, Nokia, and Oppo—were susceptible to this method. In these cases, the facial recognition systems could be tricked by a low-resolution image, suggesting that not all implementations of this technology are equally secure. This raises serious concerns about the reliability of basic facial recognition systems, particularly when they rely solely on 2D image matching rather than more advanced sensing techniques.

In contrast, Apple iPhone devices performed significantly better in the same tests. Apple’s Face ID uses a more sophisticated approach, employing infrared sensors and structured light to create a detailed 3D depth map of a user’s face. This depth-based analysis makes it far more difficult for attackers to bypass the system using flat images or simple replicas. As a result, these devices were rated as more secure in terms of biometric authentication.

For Android users who rely heavily on facial recognition to protect their data, this finding is worth serious consideration. Many people assume that biometric locks automatically guarantee a high level of security. However, if a device can be unlocked with a printed photo, sensitive information stored on the phone becomes vulnerable. This risk becomes even more significant when financial applications are involved.

Consider a scenario where a user stores payment details in a digital wallet like Google Pay. If an attacker gains access to the phone through photo spoofing, they may be able to access saved card information or initiate unauthorized transactions—especially if additional safeguards are not in place. Even partial access to such data could lead to financial loss or identity theft.

In response to these findings, Which? has called on smartphone manufacturers to strengthen their biometric security systems. Improving facial recognition technology—particularly by incorporating depth sensing or multi-factor authentication—could significantly reduce the risk of unauthorized access. Until then, users are advised to complement facial recognition with more secure options, such as strong passwords or fingerprint authentication, to better protect their personal and financial information.
