Thanks for the update. Will be good to get on the supported biometric apis for other phones as well so it sounds like this is a good refactor for security all around.
It’s not really that simple. People have assumed it’s security based on the false belief that it’s ‘FaceID’. Its also not quite the same as fingerprints unless your running a really old phone. Most fingerprint readers now need more info than just the print as those are terribly insecure.
No one has overstated its insecurity. It’s not the same as faceid and not as secure that’s what’s being said.
Not as secure as what’s being said? What has been said and what isn’t as secure? Did Google say it had liveness checks? I don’t think that is being advertised. And I know that liveness checks are not really that important and are easily fooled. I don’t want to put words in your mouth and I don’t want to suppose anything so don’t take this as an attack but just an honest question: is this security important to you or is faceID being “better” important to you?
The attack vector of someone knocking you out or sneaking up on you when you sleep is one very few should worry about and can be done equally with a fingerprint. Fingerprints don’t have liveness checks.
If you want stronger security to protect against those extremely unlikely outcomes then I hope you never used touch ID.
In any case, it is also possible to open someones eyes in those scenarios and still access the phone via faceID. Again an extremely unlikely scenario that almost no one should worry about.
If you are a political dissident in a country where the government might disappear you then you might want to worry about this. And you should certainly use a passphrase in that case, not faceID. But otherwise this issue is overstated and most folks really shouldn’t worry about it.
Or would you prefer that folks use 1234 pin that is so common?
1 Like
I’d like to suggest there is a Monzo app design issue here. This is unlikely to be the last time a new/revised/different security option is introduced and customers need to wait for an app update. Why can’t I manually lock the app on my phone as a workaround until Monzo updates to properly use Face Unlock? Why doesn’t the app auto-lock when it loses focus?
If you root the phone you will have a proxy for biometric
1 Like
Problem with that is I wouldn’t be able to use the Barclays app as it won’t work on a rooted device
2 Likes
I added the new biometric API to my app today, it took about 30 minutes. Yes, I know Monzo has other areas that they use biometrics to for security, but there’s still a problem. The difference between the “new” API and the old one (the one Monzo was using) is that the new one includes all of the functionality for you, including displaying a UI for it. Once you’ve implemented it into your app, it really is easy to call it again elsewhere, just with a different authentication callback. Not sure why it’s taking so long to be honest. I appreciate that Monzo wants to get it right first time, but the API is so simple to use I can’t imagine it taking much longer.
And regarding the security of Face Unlock itself, it’s just as safe as FaceID. The eyes-closed “issue” isn’t a security issue at all. We have never considered having your eyes open as a security requirement. Nobody complained about fingerprints when they first appeared, despite not requiring you to be awake to unlock. It’s an entirely fake issue. Face Unlock has been fully rated as a strong security method, no debate about it. This post explains it better than I can:
3 Likes
Damn, very true!
You can use magisk to hide the root normally.
Yes… we did. It was fairly terrible.
Depends how it’s being presented. It’s less secure than Face ID they aren’t the same. Pointing out that difference because of the confusion of people believing face unlock was the same as Face ID is perfectly fine.
Whether you need that extra security is a different matter, many people won’t, some people will. Face ID is a more advanced system, there’s nothing wrong with that. Just the same as the more advanced finger print systems making the less secure ones obsolete. Google will get there eventually I’m sure.
Freetrade just added face unlock to their app and it is nice! Can’t wait for Monzo to get their version out!
1 Like
Do you have any more information about the differences? I assumed the gathering and checking of 3d models of faces were the same across platforms and the only difference was the eye checking.
This makes a good read if you are interested in the differences:
2 Likes
Just had a read of that and it sounds largely the same?
The Pixel 4 just uses more sensors?
Yeah that’s pretty much what I got from it so I would say it is on par with Apple’s FaceID for security and the closed eye “issue” isn’t really a problem for me.
1 Like
Would it be possible to defeat these face-locking features by 3D printing or making a maquette of the subject’s head?
asking for a friend?
Ah, no. Asking as a skeptic of biometric locking. 
I would guess so. Can’t imagine they check temperature or texture?
Hey @BorisKach, I have one request when you finally get to release the Biometric support - please can you use setConfirmationRequired(false), I don’t want to tap confirm every time I use the face unlock.
This site explains what I mean for anyone curious: