Summary created by Smart Answers AI
In summary:
- Tech Advisor reports that 64% of Android phones tested since 2022 have facial recognition systems easily fooled by simple 2D photos.
- Major brands including Samsung flagships, Oppo, and Motorola failed security tests, while Google Pixel and Apple iPhone models passed using more secure technology.
- This vulnerability exposes personal data like photos and emails, making PINs or fingerprint authentication safer alternatives for users.
UK-based consumer choice organisation Which? has highlighted a shocking shortfall in security that affects almost two-thirds of modern smartphones.
Which? reports that of the 208 phones it has tested since 2022, a staggering 133 (that’s a clear majority of 64%) could have their facial identification systems fooled by a simple 2D photo.
The list of brands that fell foul of this crude bypass method is extensive, including Asus, Fairphone, Honor, HMD, Motorola, Nokia, Nothing, OnePlus, Oppo, Realme, Samsung, Vivo and Xiaomi.
While the report points out that budget and mid-range models are the main weak points here, it’s not exclusively a cheap phone problem. Flagship handsets such as the Oppo Find X9 Pro, the Motorola Razr 50 Ultra, and the Samsung Galaxy S25 range all failed the test.
The year 2024 was particularly bad in their reckoning, with 72% of the phones tested falling foul of the 2D photo hack.
Android models that did pass this test include recent Google phones, such as the Google Pixel 10, Pixel 9, and Pixel 8, as well as the recent Samsung Galaxy S26 series.
Apple’s iPhone range obviously passes with flying colours, having pioneered proper 3D facial recognition technology. The likes of the Honor Magic 8 Pro (pictured below), meanwhile, is one of precious few phones to adopt a similarly advanced biometric system.
Chris Hall / Foundry
Time to face facts
This is not a new issue, of course, and most Android phones that fail this test will offer a warning message when you set them up.
However, Which? has noted its concern that some manufacturers aren’t doing enough to apprise users of the inherent weakness of non-3D facial recognition systems.
It picks out Motorola, OnePlus and Nothing, in particular, as being prominent brands that don’t offer a sufficiently clear upfront warning of the drawbacks to their facial recognition systems.
While it’s not possible to use these insecure facial recognition systems to approve mobile payments, they still grant access to personal data such as photos, private messages and emails. The latter, in turn, could grant potential thieves the ability to reset account passwords.
The simple answer to this security weakness, for anyone with an affected phone (which is most Android users), is to not set up face-based access at all, and to lean on good, old-fashioned PIN and fingerprint systems.
Alternatively, many Android phones make it possible to lock sensitive apps such as WhatsApp behind these more secure entry mechanisms, so that 2D facial recognition only gets you as far as your Home Screen.
