Facevault is a one-dollar photo archive app that can only be unlocked by one person – the one with the right face.
It sounds neat, and yes, it works. But the face recognition features come at a price, and are hindered by a flaw that affects other apps using the same technology: it can’t tell the difference between real faces, and photos of real faces.
In order to know that your face is the correct one for unlocking the photo archive, Facevault connects to the online face.com service to check. That means two things. First, you need an internet connection to make it work; and second, it’s a requirement of using the app that you agree to send your photo to face.com’s database.
Some people won’t bat an eyelid at that, but I’m one of the people who does. I’m instantly suspicious of anything that wants to know who I am or what I look like. Especially things that don’t appear to offer me any way of deleting data about me (I looked all over the face.com site and couldn’t find anything about this – I’d be happy to be proved wrong).
UPDATE: Gil Hirsh from face.com got in touch saying this:
OK, so personal antipathies declared: what’s Facevault like to use?
Developer Robert Neagu would ideally like to make this available as an alternative to Apple’s own iOS lock screen. Apple, of course, won’t let him. (They’re probably working on their own technology for that.) But, after multiple submissions to the store, they have allowed Facevault in. Robert says it’s a proof-of-concept, using the face unlock feature to secure a photo vault.
The vault features are basic, but functional. There’s a camera for taking pictures from inside the app, and simple controls for exporting images back to the Camera Roll, copying them, or sending in emails.
As well as the face locking system, you’re asked to create a pattern swipe gesture, giving you an additional way of unlocking the app.
The app does maintain a photo archive of everyone who tries logging in. So if someone has been trying to see your secret stuff, you’ll know what they look like.
This is where we get to the main problem: you can fool Facevault by showing it a photo of the right face. I tested Facevault by showing it my real face, and it worked as expected. Then I showed it a photo of my face, taken on a camera and displayed on the camera’s preview screen. Facevault recognized it as my face, and obligingly opened.
Now, it would be unfair to single Facevault out for criticism for this, because this is a flaw in the underlying facial recognition technology. But it does mean that the app isn’t as secure as you might originally expect it to be. Anyone can open it if they have a reasonably clear photo of you to hand.
Robert says he’s aware of the problem, and working on a simple solution: requiring that the user blinks their eyes to prove they’re real.
He wanted to prove a point, though, and he’s succeeded. Would face recognition be a good way to unlock your phone generally? I’m not convinced. I don’t think it would work in all situations you might find yourself in – your face needs to be in the light, for one thing.
Pro: A successful technology demo
Con: Probably not secure enough for keeping real secrets in; privacy stuff gives me the heebie-jeebies