Summary created by Smart Answers AI
In summary:
- Tech Advisor reveals that 64% of smartphones tested since 2022 have facial recognition systems that can be easily bypassed using a simple 2D photo. This issue affects major brands such as Samsung, Motorola, and Oppo.
- This vulnerability can expose personal data like photos and emails, although it doesn’t enable approval of mobile payments or access to high-security features like Samsung Wallet.
- Users are advised to use PINs or fingerprint systems instead, as Google Pixel and Apple iPhone models equipped with 3D facial recognition provide better security.
The UK consumer choice organization, Which?, has brought attention to a significant security issue affecting nearly two-thirds of modern smartphones.
According to Which?, 64% of the 208 phones tested since 2022 were vulnerable to having their facial identification systems deceived by a simple 2D photo, with 133 phones failing the test.
The brands susceptible to this exploit include Asus, Fairphone, Honor, HMD, Motorola, Nokia, Nothing, OnePlus, Oppo, Realme, Samsung, Vivo, and Xiaomi.
While budget and mid-range models are primarily affected, some flagship devices such as the Oppo Find X9 Pro, Motorola Razr 50 Ultra, and Samsung Galaxy S25 series also failed the security test.
The year 2024 was particularly concerning, with 72% of phones tested being vulnerable to the 2D photo trick.
However, Android models like the Google Pixel 10, Pixel 9, Pixel 8, and the latest Samsung Galaxy S26 series passed the security test.
Apple’s iPhone lineup, known for pioneering 3D facial recognition technology, passes the test easily. The Honor Magic 8 Pro is one of the few other models employing advanced biometric security.
Chris Hall / Foundry
Time to face facts
This issue is not new, and most Android phones that fail this test provide a warning message during setup.
However, Which? has expressed concern that some manufacturers do not adequately inform users about the weaknesses of non-3D facial recognition systems.
Motorola, OnePlus, and Nothing were specifically mentioned as brands that do not provide sufficient upfront warnings regarding the limitations of their facial recognition systems.
Although these insecure facial recognition systems cannot be used for mobile payments, they still provide access to personal information, such as photos, messages, and emails. This access could allow thieves to reset account passwords.
The best way to address this security issue is for affected users, primarily Android users, to avoid using facial recognition and instead rely on traditional PINs and fingerprint systems.
Alternatively, many Android devices offer the option to lock sensitive apps, like WhatsApp, with more secure access methods, ensuring 2D facial recognition only grants access to the home screen.
Update – Samsung responds
Following the publication of this article, Samsung reiterated that “Galaxy phones clearly specify the various levels of security of their lock types, with the highest level of security offered by the fingerprint reader. It is important to reiterate that facial recognition, while convenient, can only be used for opening your Galaxy device and cannot be used to authenticate access to features requiring stronger security, such as Samsung Wallet.”
Therefore, the issue persists: users of facial recognition on phones not identified as secure should be aware of potential vulnerabilities and take additional steps to protect sensitive information.
