If you share your iPhone with someone, Face ID might eventually let them unlock it

Turns out, if you share your iPhone regularly with someone and let them unlock the device by typing your passcode, Face ID will eventually learn their face and let them unlock it.

Have you ever come across a situation where Face ID suddenly starts recognizing a family member and lets them unlock your iPhone, even though their face bears no similarity with yours?

If that’s the case, it’s more likely that in the past, you’ve let them type your passcode to access the device.

A first-hand experience

A similar situation occurred in two isolated incidents with two different people within our close circle. In both cases, the person in question had shared their iPhone passcode with another person within their family, a brother in one case, a spouse in another.

They had both initially started accessing the primary user’s iPhone by typing the passcode. But over time (about a period of ~3 months), after unlocking ~50 times with passcode, both the brother and the spouse were able to successfully unlock the primary users’ iPhones with their faces. They didn’t have to type the passcode to unlock the device.

So, what happened? And should it be a concern for iPhone users? In this article, we’ll share our experience and understanding of the situation.

How Face ID might recognize someone else’s face

Ever since the second incident occurred, we’ve done some research on this, and noticed via another camera feed that the infrared camera of the iPhone’s TrueDepth camera system blinks even while the device is unlocked by typing the passcode.

Face ID IR at work as user enters passcode

Now, Apple mentions in their support article on Face ID, “Each time you unlock your device, the TrueDepth camera recognizes you by capturing accurate depth data and an infrared image.”

At this point, we think, when another person successfully unlocks an iPhone by typing the passcode over a significant period, Face ID probably learns their face as just another appearance of the primary user. Consequently, they end up unlocking the iPhone with Face ID.

Does a passcode change have an impact on Face ID data?

Another strange thing we observed is, the family member who could unlock the iPhone successfully with their face earlier, could no longer do so when the primary user had changed the device passcode.

From this, we can safely assume that the data that Face ID learns over time is wiped out when the passcode is changed. But, the basic face training data (the data saved during the initial Face ID setup) is still available, as the primary user could still unlock the iPhone with Face ID after changing the passcode, without any additional training.

Is it a security concern?

We don’t think this is a security concern, as Face ID only learns another person’s face when they successfully unlock the user’s iPhone by entering the device passcode. The passcode is the primary pillar of security on your iPhone. If you’re sharing the passcode with someone else, you’re effectively authorizing them to access your iPhone.

We don’t have sufficient data to conclude anything specific from our experience. But, it’s interesting to see how Face ID operates. If you know the device passcode, it doesn’t matter whether you can unlock it with Face ID.

All posts on 7labs, including this one, are compliant with our Content Disclosure policy.