UK Android Users Face Security Risks with 2D Facial Recognition

ByLakhan Chouhan Hours
A close-up of a person's face being scanned by a smartphone, with a red X marked through it, indicating the security risks of 2D facial recognition. The image highlights the importance of advanced biometric systems, such as 3D facial recognition, in protecting user data and preventing potential threats.

Security Flaws in Android Phones: A UK Concern

UK-based consumer choice organisation Which? has highlighted a shocking shortfall in security that affects almost two-thirds of modern smartphones. The organisation tested 208 phones since 2022 and found that 133 could have their facial identification systems fooled by a simple 2D photo. This is a clear majority of 64% and a significant concern for UK Android users.

The list of brands that fell foul of this crude bypass method is extensive, including Asus, Fairphone, Honor, HMD, Motorola, Nokia, Nothing, OnePlus, Oppo, Realme, Samsung, Vivo and Xiaomi. While budget and mid-range models are the main weak points, it’s not exclusively a cheap phone problem. Flagship handsets such as the Oppo Find X9 Pro, the Motorola Razr 50 Ultra, and the Samsung Galaxy S25 range all failed the test.

The year 2024 was particularly bad, with 72% of the phones tested falling foul of the 2D photo hack. Android models that did pass this test include recent Google phones, such as the Google Pixel 10, Pixel 9, and Pixel 8, as well as the recent Samsung Galaxy S26 series. Apple’s iPhone range obviously passes with flying colours, having pioneered proper 3D facial recognition technology.

Chris Hall / Foundry has noted that this is not a new issue, and most Android phones that fail this test will offer a warning message when you set them up. However, Which? has noted its concern that some manufacturers aren’t doing enough to apprise users of the inherent weakness of non-3D facial recognition systems. It picks out Motorola, OnePlus and Nothing, in particular, as being prominent brands that don’t offer a sufficiently clear upfront warning of the drawbacks to their facial recognition systems.

While it’s not possible to use these insecure facial recognition systems to approve mobile payments, they still grant access to personal data such as photos, private messages and emails. The latter, in turn, could grant potential thieves the ability to reset account passwords. The simple answer to this security weakness, for anyone with an affected phone, is to not set up face-based access at all, and to lean on good, old-fashioned PIN and fingerprint systems.

Alternatively, many Android phones make it possible to lock sensitive apps such as WhatsApp behind these more secure entry mechanisms, so that 2D facial recognition only gets you as far as your Home Screen. The Honor Magic 8 Pro is one of precious few phones to adopt a similarly advanced biometric system, and it’s a good example of how manufacturers can prioritise security and user safety.

Similar Posts