Apple has described how Face ID works and how it guarantees security in a new white paper
Apple has described how Face ID works and how it guarantees security in a new white paper
In a nutshell, Face ID allows to unlock the iPhone X by detecting the geometry of your face and matching it against a stored mathematical model using the iPhone X A11 chip neural engine. Still, even on a device configured to use Face ID, the cornerstone to security remains the passcode that is used to encrypt user data. In other words, Face ID makes it more convenient to use stronger passcodes by reducing the frequency with which the user is asked to enter it. According to Apple, there is a 1 in 1,000,000 probability that a random person could trick Face ID into believing its you, which is a significant improvement over Touch ID 1 in 50,000 probability.
The iPhone X camera, dubbed TrueDepth, uses infrared technology to create depth maps of a face which are then sent to the iPhone Secure Enclave along with the corresponding 2D infrared images. Using depth information makes it impossible to use digital photos to unlock the device, since they do not contain depth information. Additionally, Face ID requires that your eyes are open and looking towards the device, which makes it difficult to unlock it without you being aware of it (e.g., when asleep).
Face ID actually uses multiple neural networks which can be classified in two categories: facial recognition and anti-spoofing. Facial recognition neural networks can work with hats, scarves, glasses, contact lenses, and many sunglasses. The anti-spoofing neural network is aimed to prevent unlocking the phone using photos or masks.
Face ID only stores to the Secure Enclave a mathematical representation calculated from the infrared image taken by the camera. That stored model is then matched against the mathematical representation of a face during an unlock attempts. Since the appearance of a person can vary over time, e.g., by letting grow or cutting a beard, Apple has included a mechanism to retrain the neural networks so they can evolve over time and adapt to that person’s face. Retrain happens automatically upon a successful unlock. Conversely, if unlocking fails, the user is asked to enter their passcode and if the passcode is correct the new Face ID data is used to retrain the neural networks.
Besides unlocking a device, Face ID is also available for third-party apps to authenticate the user. Specifically, all Touch ID-compatible apps will support Face ID without any code changes.
Apple white paper contains many more interesting details about Face ID workings, so make sure you do not miss it in case you are interested.