Shortly after Google's Pixel 4 launch last week, the BBC discovered that its Face Unlock biometric security system would unlock your phone, even if your eyes were closed. That would mean that someone could unlock your phone even if you were sleeping, which makes the Pixel 4 a less secure than Apple's iPhone Face ID, which requires "attention" or open eyes.
Google has confirmed the issue to Engadget and offered a workaround. "We've been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months," the company wrote in a statement. "In the meantime, if any Pixel 4 users are concerned that someone may take their phone and try to unlock it while their eyes are closed, they can activate a security feature that requires a pin, pattern or password for the next unlock."
According to a leaked image spotted by the Verge, it seemed that an earlier version of the Pixel 4 had a setting called "require eyes to be open," much as Face ID does. However, that feature was nowhere to be found on launch day, and won't be available when the phone goes on sale on October 24th.
Other than that issue, the Pixel 4's face unlock system is secure thanks to an infrared system that creates a depth map of your face so that it can't be tricked by a photo. "Pixel 4 face unlock meets the security requirements as a strong biometric, and can be used for payments and app authentication, including banking apps," Google said. "It is resilient against invalid unlock attempts via other means, like with masks."
If you're not comfortable with the eyes-closed-only setting for now, your best bet is to enable the "lockdown" option as shown here. It can be added directly to the power menu option for quick access, and each time you enable the feature, it will force the user to enter a PIN.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
HTC has announced a new entry-level phone aimed at cryptocurrency users called the HTC Exodus 1S, a followup to the $699 Exodus 1 that was originally released last year. The Exodus 1S is a much cheaper device at €219 (around $244), and offers much less powerful hardware built around a Qualcomm Snapdragon 435 processor.
The Exodus 1S’s big new cryptocurrency feature is that it’s able to run a full bitcoin node, which HTC says is a first for a smartphone. It’s something the company has been talking about wanting to do since the announcement of the original Exodus 1. Speaking to Forbes, HTC’s Phil Chen said that being able to run a full node means that the phone can relay, confirm, and validate bitcoin transactions, which offers more privacy and also allows you to contribute to the security of the network.
Running a full bitcoin node on a phone comes with its limitations. HTC recommends that you connect the phone to Wi-Fi and plug it into a power source while it’s running the full node, and you’ll also need to buy an SD card with a capacity of 400GB or more if you want the phone to be able to hold a full copy of the Bitcoin ledger. The Exodus 1S will also not be able to operate as a mining node.
Outside of its blockchain capabilities, the HTC Exodus 1S features entry-level hardware. It’s got a 5.7-inch HD display, 4GB of RAM, 64GB of internal storage, and it has a single rear-facing 13-megapixel camera. It charges over MicroUSB, but at least you get a 3.5mm headphone jack.
HTC’s Exodus phones are an ambitious attempt by the company to appeal to cryptocurrency enthusiasts as its smartphone sales have plummeted in recent years. Compared to the Exodus 1, the cheaper starting price of the Exodus 1S could make it appealing as a secondary device to experiment with.
The HTC Exodus 1S won’t be available in the US, but you can now order it from HTC’s site in Europe, Taiwan, Saudi Arabia and the UAE. Naturally, HTC will happily accept payment in bitcoin, ethereum, litecoin, Binance coin, and bitcoin cash for the phone.
Face unlock on the Pixel 4 could inspire other Android phones.
Sarah Tew/CNET
With the blink of an eye, Google's Pixel 4 has accomplished something that no other significant Android phone-maker has. It finally caught up to iPhone's Face ID -- a biometric unlocking feature that Apple popularized two years ago -- to unlock the phone and buy things with a scan of your face. Now that a secure version exists in Android phones, face unlock will be the killer feature every Android user will want.
The face unlock feature on Android phones has existed for years, but mostly as a convenience that's been flimsy enough to fool with photos. Face ID's more rigorous process meant it was secure enough for transactions.
Now playing:Watch this:
Should you upgrade to the Pixel 4?
7:06
With consumers more aware of the value of their privacy, being able to offer secure face unlock is potentially even more convenient than scanning your fingerprint or entering a pin code. Closing the gap with Face ID also gives Google an edge over Samsung, LG, Huawei and all the rest at a time when Google can sell its phones across all major US carriers, providing an opportunity to make the Pixel, which hasn't historically sold well, more of a household name.
But more importantly, the Pixel 4's adoption of this secure version of face unlock could have ripple effects throughout the rest of the Android world. If Google folds the blueprint for this secure version of face unlock into the Android OS, it will all but guarantee that every midrange and premium phone will use the feature, since roughly 90% of all smartphones run on the platform.
Why face unlock matters
Face scanning, along with fingerprint scanning, is one of the few biometrically secure methods of verifying your identity. On a phone, it's meant to be a fast, convenient and mostly hands-free alternative to fingerprint readers. Using face unlock instead of a fingerprint reader can free up space on the screen and keep you from fumbling on the back or side of the phone to unlock it.
Proponents of face unlock also claim that it's more secure than fingerprint readers and harder to fool with images and synthetic appendages, like dummy fingers. It has the power to authenticate password autofill in addition to mobile payments.
The technology works by scanning your features and creating a stored image that the phone then compares to your face whenever you attempt to unlock your device. Versions that are less secure create optical images with the camera, which are easy enough to fool with photos, masks or other spoofs.
This is how Google visualizes the Pixel 4's Soli radar sensor to detect your presence and motion.
Sarah Tew/CNET
Apple, and now Google, uses an infrared sensor to project tens of thousands of dots onto your face. This creates a 3D depth map with far more data on the length, shape, span and width of your unique features.
While the iPhone requires you to swipe up from the bottom of the screen to finish unlocking the phone (after it's verified your identity), the Pixel 4 uses Motion Sense, a collection of motion-sensing features that are driven by radar to recognize when you're reaching for your device. That alone will trigger the Pixel 4 to unlock the screen.
Using gestures and a glance to unlock the phone should be faster than swiping it -- at least, according to Google. This is something we'll test soon.
You can't see the radar chip inside, but it's to the right of the speaker grille.
Angela Lang/CNET
Why only now?
It isn't clear why the Android competition has lagged so far behind when it comes to truly secure face unlock. Qualcomm bundled support for a 50,000-dot projector into its Snapdragon 845 chipset a year after the iPhone X launched in 2017, but rivals were slow to take up the technology.
Perhaps some of these device-makers lacked the technology or software teams to get the feature secure enough, or perhaps they wanted to put their own spin on the secure face unlock realm, as Google has now done.
Either way, Google's opportunity to innovate on hardware by pairing Motion Sense gestures to the face unlock mechanism isn't just a long-overdue way for the brand to flex its technical muscle. And it isn't just a way for Pixel phones to race ahead. Because of Google's considerable resources and reach, its blueprint for face unlock on Android phones has the potential to push biometrics even further into the future.
Now playing:Watch this:
The Pixel 4 is losing a lifelong fan
In May, Facebook said it was going to redesign the website and bring dark mode to its website and mobile apps. While it began testing dark mode for its Android app in August, it has now started rolling out a beta version of its website with that option to someusers too.
Multiple people are being invited to test the new interface. The screenshots shared by testers are akin to design Facebook showed off at its developer conference F8 in May. The new version of the website kinda looks like Twitter:
This is just a test version, so the final release of dark mode and the new interface might not look the same. Thankfully, if you don’t like the new look, there’s a handy toggle that lets you switch to the good ol’ classic version of the website.
We’ll keep an eye on this, and update you as soon as the new interface and dark mode is available for a wider audience.
NASA's InSight lander was supposed be digging a hole so a probe (above) could measure the heat escaping from Mars' interior, but it hasn't made much progress since work got started in February -- it hadn't even finished burying itself. At last, it's making some headway. The agency has revealed that the probe, nicknamed "the mole," is finally digging in earnest thanks to a new strategy. The arm had been stymied by unusually rough soil, but the team found it could get the necessary friction by having InSight press its robotic arm against the probe.
It's still moving slowly. The mole has dug roughly three quarters of an inch since October 8th, and it could venture as deep as 16 feet. It could be a long, long time before the probe reaches its potential. Nonetheless, it's a huge relief to scientists worried that one of InSight's key instruments might go to waste. So long as there aren't rocks or other hard obstacles underneath, the probe could shed more light on what's happening beneath Mars' surface.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Samsung has spent millions on making its phones more secure, and on making sure customers know about it. You’d think all that money would be enough to fend off the threat of a $2 silicone case. Apparently not.
You don’t need a 3D printer, super-high-res camera, latex molds, or any cloak-and-dagger nonsense. A dirt-cheap phone case is all you need to unlock someone’s Samsung flagship.
이슈가 되고 있는 갤럭시 S10, 노트10 기종 실리콘 케이스 지문인식 뚫리는 현상 테스트해봤습니다….
It’s hard to excuse this massive breach of trust, and it’s even harder to understand why Samsung has so far failed to apologize to customers. Yet, this embarrassing mishap isn’t that surprising in the scheme of things.
Biometrics make for poor security anyway
The truth is, fingerprints and other biometric authentication methods are flawed. You shouldn’t rely on them if you actually care about mobile security. PINs and passwords are much more secure — if less convenient — methods of authentication.
There are several reasons why an old-fashioned password is preferable to fingerprint readers, facial scanners, or retina/iris scanners.
For one, it’s easier to force someone to unlock their device with their fingerprint or face than it typically is to force them to reveal a password or PIN. It’s much easier to trick people into unlocking their device too — sometimes all it takes is to place the device in front of them while they’re sleeping (just ask Google Pixel 4 reviewers).
An old-school password is preferable to fingerprint readers, facial scanners, or retina/iris scanners
You could argue that fingerprint and facial scanners are good enough for 99% of users. Granted, most people will never have to worry about authorities rummaging through their messages or any shady entities stealing their fingerprints from their Facebook profile. It’s also true that biometric sensors have improved security for millions of users who, otherwise, could not be bothered with typing a PIN every time they unlock their phones.
How do you update your fingerprints or your retina?
But the stakes are getting higher all the time. We now use our faces and fingerprints to unlock our bank accounts, authorize payments in stores, and gain access to password lockers like LastPass. For now, that means your digital identity. In a few years, smartphones will be your identity, both online and in real life.
Finally, passwords have another massive advantage over biometric authentication methods: they’re disposable. You can always change your PIN or password, but what happens when your immovable physical traits leak? How do you update your fingerprints or your retina?
What you can do
If you’re worried about smartphone security, there are a few simple things you can do to protect yourself:
Pick a secure authentication method (PIN or password), but don’t be lazy: the more characters you use, the safer.
Avoid pattern locks. They’re easier to spy on, and less secure than a good PIN or password.
Disable features like Smart Lock that keep the device unlocked when it’s in certain areas or when a Bluetooth device is connected.
Understand the difference between the various face unlock methods — the ones that use laser or infrared to scan your face are more secure than those that rely on the front-facing camera.
Enable Lockdown mode, available on Android Pie and later. This gives you the option to quickly disable all unlocking methods except the PIN or password.
Buy devices from reputable manufacturers that are more likely to receive regular security and system updates.
In general, practice basic security hygiene. The chances of getting hacked remotely are much higher than of someone getting physical access to your device.
One of the key selling points of Pixel 4 is the fact that it has the much faster “new” Google Assistant on board. However, there are a couple of details that might ruin that for some users. The new Google Assistant requires that you use gesture navigation, and that you don’t have any G Suite accounts on your device.
Nomad case for Pixel 3
Android Police uncovered a support document with a list of requirements for the new Google Assistant on the Pixel 4. It explains what version of the Google app you’ll need, the fact that it will only work in English in the United States, and also notes that gesture navigation is required too.
That last point was a bit of a shocker considering the Pixel 4 also supports three-button navigation, and it was unclear if it was a permanent change. Google later reached out, saying that this actually wasn’t the case, and that users could still activate the new Google Assistant with three-button navigation, but it quickly walked back that statement. Even if you trigger Assistant using Active Edge, you’ll need gestures enabled.
A slightly more annoying part of the “new” Google Assistant’s requirements on Pixel 4 is that you can’t have a G Suite account on the device at all. Not only can that account not be the “primary” one, but it can’t be signed in on the deviceat all. For those who have accounts through work or school that need access to their emails on the go, this is going to be a very annoying requirement.
Update 10/19: Google tells Android Police that it is “actively working” on a fix for this G Suite issue. There’s no timetable for when it will be patched up, but we’re glad to see Google is extending an olive branch to G Suite users. In the meantime, the company points to using a work profile on your device to access work/school accounts without disabling access to the new Assistant. It’s still a hurdle, but at least it makes it possible.
