Do we look that much alike? My son's face can open my iPhone

When my 10-year-old son picked up my iPhone last month, he had no idea he was about to make a discovery.  Before he had a chance to enter the passcode, my Face ID welcomed him in.

For those unfamiliar with the Apple iPhone, Face ID is a facial recognition security feature that gives the phone's owner access to their device without having to enter a passcode. Face ID was introduced by Apple to replace the previous biometric security feature using fingerprints.

That's why I was shocked when my son's face gave him access to my phone.  

I initially assumed it was a random one-time occurrence or something was wrong with my Face ID. However, neither would prove true. My son's unfettered access continues, and trials with my other sons, non-relatives and friends showed my Face ID was functioning well and otherwise kept my phone secure.

But it did lead me to wonder about whether other families were making similar discoveries. I spoke with many people within my social and professional networks and it turns out that my son and I aren't in a unique situation.

When the topic came up in our newsroom, CBC science specialist Darius Mahdavi said he and his sister Persia can also open each other's phones. 

Persia Mahdavi said she found the situation amusing.

"I picked up Darius's phone and was going to enter the passcode, when the Face ID unlocked the phone. I laughed very hard, called everyone over, then tried it a bunch more times, and it kept working for me."

Persia uses her phone for Apple Pay and to log into other apps on her phone, but said she's not worried.

"I thought it was hilarious. I showed everybody. Darius was less amused. His face opened my phone inconsistently, but I could open his phone every time."

She said even though she knew they looked alike, "I didn't think we looked that alike."

However, in her family, it's not just Persia and brother Darius who can open another person's phone through Face ID — their dad and his brother can do it to each other as well.  

According to the Apple website, the probability that a random person in the population could look at your iPhone or iPad Pro and unlock it using Face ID is less than 1 in 1,000,000.

However, it goes on to state "the statistical probability is higher — and further increased if using Face ID with a mask — for twins and siblings that look like you, and among children under the age of 13, because their distinct facial features might not have fully developed."

I reached out to Apple to discuss just how much higher the probability is for siblings or family, as well as the age distinction, as my son is only 10, but Apple declined an interview and referred me to their website.

However, one expert on facial recognition technology and biometrics was surprised by the cases I was coming across, where family members could access devices through Face ID.

Anil Jain is an expert in biometrics recognition, a university distinguished professor from the department of computer science and engineering at Michigan State University.

He said that when Apple introduced Face ID in 2017, it was pretty sophisticated face recognition technology with an infrared sensor and depth sensor. When we look at the screen, it projects a grid of light pattern on your face. 

"You can view this as a light source projecting a ray of beams on your face and the time it takes for a beam to return indicates the distance to make a 3D map of your face."  That's what makes it easy for the iPhone to tell whether it's a 3D human face or a picture, and makes it much more secure, he said.

However, Jain said, no biometric systems are foolproof, whether it's your fingerprints, face or iris in your eyes.

He acknowledged that familial similarity can make access possible in some cases, but he does not believe it is very common.

"Apple or other mobile phone companies wouldn't release products that can be easily fooled," he said.   

But, Jain added, people who are concerned about their device's security or their private apps should use two- factor authentication. 

Perhaps something to consider for people who have family with faces that are too familiar?