10-25-2019 08:52 PM
30 12
tools
  1. Cherenkov's Avatar
    I received my Pixel 4 XL yesterday. So far.. eh. Not super impressed. Face unlock is cool. However, I've already had information compromised because of it. Hear me out.

    I don't like gesture navigation. I keep pulling up the app drawer or app search when I'm trying to swap between active apps. I really, really don't like the sharp edges at the bottom of the screen with the bar it super-imposes when it's running. It looks like the flat tire effect we saw on the first gen Android watches. So I called Google Support to ask how to disable this. They wanted to do a screen share, to see what I was talking about. I said sure, it'll make things easier.

    We determined that you can turn off gesture navigation to get rid of that visual effect. Upon doing so my phone, on its own, cycled through all of my recent apps, landing on my password manager. My password manager, upon seeing my face, immediately unlocked, displaying sensitive passwords to the Google support agents (and also recording them via their screen share tool). I had no say in this. Normally my password manger uses a fingerprint scanner. I can choose when to apply said fingerprint to the scanner to unlock the app, otherwise it remains closed. But with Face Unlock, if the phone can see your face, the app unlocks. So as soon as the password manager became the active application, it saw me, unlocked itself, and exposed my data.

    Of course I have the option to disable face unlock, but with no fingerprint scanner, this means I have to go back to a PIN (not at all secure really) or a complex password (very tedious to use). I can imagine other scenarios in which you might open an app accidentally, or even just want to glance at your phone without unlocking it, but since Face unlock is automatic, suddenly your app or phone is open whether you like it or not.
    10-23-2019 01:29 PM
  2. dmxjago's Avatar
    I received my Pixel 4 XL yesterday. So far.. eh. Not super impressed. Face unlock is cool. However, I've already had information compromised because of it. Hear me out.

    I don't like gesture navigation. I keep pulling up the app drawer or app search when I'm trying to swap between active apps. I really, really don't like the sharp edges at the bottom of the screen with the bar it super-imposes when it's running. It looks like the flat tire effect we saw on the first gen Android watches. So I called Google Support to ask how to disable this. They wanted to do a screen share, to see what I was talking about. I said sure, it'll make things easier.

    We determined that you can turn off gesture navigation to get rid of that visual effect. Upon doing so my phone, on its own, cycled through all of my recent apps, landing on my password manager. My password manager, upon seeing my face, immediately unlocked, displaying sensitive passwords to the Google support agents (and also recording them via their screen share tool). I had no say in this. Normally my password manger uses a fingerprint scanner. I can choose when to apply said fingerprint to the scanner to unlock the app, otherwise it remains closed. But with Face Unlock, if the phone can see your face, the app unlocks. So as soon as the password manager became the active application, it saw me, unlocked itself, and exposed my data.

    Of course I have the option to disable face unlock, but with no fingerprint scanner, this means I have to go back to a PIN (not at all secure really) or a complex password (very tedious to use). I can imagine other scenarios in which you might open an app accidentally, or even just want to glance at your phone without unlocking it, but since Face unlock is automatic, suddenly your app or phone is open whether you like it or not.
    That sucks. What an unlucky thing. I received mine today and loving it. I like the new gestures system and been using it since it was made available in the beta so I've been used to it for months.
    10-23-2019 01:32 PM
  3. Jeremy8000's Avatar
    Very unfortunate situation, sorry to read that happened to you. Not wanting to seem insensitive, but candidly, this isn't a fault of Google's software design - your granting them screen share is essentially the same as your letting a friend look at your phone alongside you. Generally speaking, before granting such permission you should be closing out anything you wouldn't want them to see.

    Something that comes to mind that might be nice to see implemented would be the ability to wall off certain applications or functions such that biometrics cannot unlock them, and those specific apps/functions would require a PIN/PW.
    10-23-2019 02:20 PM
  4. Almeuit's Avatar
    I received my Pixel 4 XL yesterday. So far.. eh. Not super impressed. Face unlock is cool. However, I've already had information compromised because of it. Hear me out.

    I don't like gesture navigation. I keep pulling up the app drawer or app search when I'm trying to swap between active apps. I really, really don't like the sharp edges at the bottom of the screen with the bar it super-imposes when it's running. It looks like the flat tire effect we saw on the first gen Android watches. So I called Google Support to ask how to disable this. They wanted to do a screen share, to see what I was talking about. I said sure, it'll make things easier.

    We determined that you can turn off gesture navigation to get rid of that visual effect. Upon doing so my phone, on its own, cycled through all of my recent apps, landing on my password manager. My password manager, upon seeing my face, immediately unlocked, displaying sensitive passwords to the Google support agents (and also recording them via their screen share tool). I had no say in this. Normally my password manger uses a fingerprint scanner. I can choose when to apply said fingerprint to the scanner to unlock the app, otherwise it remains closed. But with Face Unlock, if the phone can see your face, the app unlocks. So as soon as the password manager became the active application, it saw me, unlocked itself, and exposed my data.

    Of course I have the option to disable face unlock, but with no fingerprint scanner, this means I have to go back to a PIN (not at all secure really) or a complex password (very tedious to use). I can imagine other scenarios in which you might open an app accidentally, or even just want to glance at your phone without unlocking it, but since Face unlock is automatic, suddenly your app or phone is open whether you like it or not.
    What password manager? I would blame the PW manager first before Google...

    LastPass is in beta and does this....
    Attached Thumbnails Major Flaw in Face Unlock - You no longer have a choice-lp_beta.jpg  
    10-23-2019 02:35 PM
  5. SpookDroid's Avatar
    But don't you have to hit a confirmation button before unlocking?
    Major Flaw in Face Unlock - You no longer have a choice-img_20191023_113534.jpg
    10-23-2019 02:36 PM
  6. dmxjago's Avatar
    But don't you have to hit a confirmation button before unlocking?
    Click image for larger version. 

Name:	IMG_20191023_113534.jpg 
Views:	17 
Size:	77.2 KB 
ID:	312125
    I think so because I had to do it for another appbi think it was for Google play store for using biometrics and purchasing apps.
    10-23-2019 02:38 PM
  7. Almeuit's Avatar
    Something that comes to mind that might be nice to see implemented would be the ability to wall off certain applications or functions such that biometrics cannot unlock them, and those specific apps/functions would require a PIN/PW.
    Most PW managers allow this without issue. I know for LP you have to turn on Biometrics -- it doesn't default to on.
    10-23-2019 02:38 PM
  8. Cherenkov's Avatar
    Correct, for the manager I use, you don't have to hit a button or anything else. As soon as it sees you, you're in. I'll contact the devs to see if they want to put some kind of confirmation in place. My overall point was that this could impact any app that uses face unlock.
    10-23-2019 02:50 PM
  9. N4Newbie's Avatar
    I think the point that is being missed is that with the fingerprint sensor, the user gets to decide when he wants his phone to unlock whereas with Face Unlock it can very easily happen unintentionally.

    The result is anything from a minor to a major security risk, depending on circumstances, to a minor inconvenience - have to keep manually locking the phone every time it unintentionally unlocks itself.
    hpilot likes this.
    10-23-2019 04:07 PM
  10. Almeuit's Avatar
    The result is anything from a minor to a major security risk, depending on circumstances, to a minor inconvenience - have to keep manually locking the phone every time it unintentionally unlocks itself.
    Know what would solve that? Eye / Attention detection. That is why people griped and everyone said "no big deal!" -- and now they can see why it is annoying.
    10-23-2019 04:22 PM
  11. N4Newbie's Avatar
    Know what would solve that? Eye / Attention detection. That is why people griped and everyone said "no big deal!" -- and now they can see why it is annoying.
    That would help but I'm not convinced it will fully resolve the problem. As others have pointed out, I want to be able to look at my phone to see the current time or a notification that just popped up without the damn thing unlocking itself every time.
    10-23-2019 04:43 PM
  12. Almeuit's Avatar
    That would help but I'm not convinced it will fully resolve the problem. As others have pointed out, I want to be able to look at my phone to see the current time or a notification that just popped up without the damn thing unlocking itself every time.
    So you simply set the phone to not insta unlock -- and to stay on the lock screen. You can look and see the time.. it will unlock technically but the screen will time out way faster then if it fully unlocked to desktop.
    10-23-2019 04:46 PM
  13. Cherenkov's Avatar
    I wonder if they could code in an option to tie it to a button. In particular, the whole phone squeezie thing. I know some people use that for Google Assistant, I don't. But you press a button, that triggers the phone to look at you and then unlock. You get all the functionality of a biometric unlock while still having a choice as to when it's triggered. It wouldn't be 100% hands free any more, but as an option I'd take it over the way they've got it set up currently.
    10-23-2019 05:02 PM
  14. SupraLB's Avatar
    What a huge dumpster fire mess Google has created. I'm hoping the Pixel 4a brings back the fingerprint sensor.
    10-23-2019 05:49 PM
  15. Guyinbox's Avatar
    What a huge dumpster fire mess Google has created. I'm hoping the Pixel 4a brings back the fingerprint sensor.
    For real, the 4a XL might be the phone to get. No worthless Soli forehead and (hopefully) retaining the rear fps? Sign me up!
    10-23-2019 06:09 PM
  16. Morty2264's Avatar
    I am so sorry this happened to you, OP. What was the Google support staff's response to the situation?

    You are right in that Face Unlock does expose your information and/or unlock your device without your meaning it to.

    I wish that the Pixel 4 had an additional method of security - even an in-screen fingerprint scanner - so those of us who dislike Face Unlock could use that method instead. Even on my S10, I have Face Unlock disabled and doubt I will use it. I may try it but it's not something I'm at all interested in using long term.

    Please keep us posted on what you decide to do with your device.
    10-23-2019 06:18 PM
  17. Cherenkov's Avatar
    Support basically said that Face Unlock was the new path Google is taking, kept assuring me that Google has no access to my data (I had to explain that it was exposed because the app unlocked automatically, not that screen share had somehow downloaded it). It all boiled down to "we appreciate your concerns and I'll log this as customer feedback". They had no real helpful advice other than disabling Face Unlock.
    10-23-2019 09:17 PM
  18. Morty2264's Avatar
    Support basically said that Face Unlock was the new path Google is taking, kept assuring me that Google has no access to my data (I had to explain that it was exposed because the app unlocked automatically, not that screen share had somehow downloaded it). It all boiled down to "we appreciate your concerns and I'll log this as customer feedback". They had no real helpful advice other than disabling Face Unlock.
    I'm sorry that that experience was not as fulfilling as you wanted it to be. That's too bad that the Face Unlock route is the path that Google seems to be taking. At least they will log your concerns.
    10-23-2019 09:52 PM
  19. Golurk's Avatar
    I’m interested to see what the Pixel 4a series offers.
    Morty2264 likes this.
    10-24-2019 06:06 AM
  20. N4Newbie's Avatar
    So you simply set the phone to not insta unlock -- and to stay on the lock screen. You can look and see the time.. it will unlock technically but the screen will time out way faster then if it fully unlocked to desktop.
    That's hardly an answer, though.

    With the FPS on my 3XL and previous phones, *I* decide when I want the phone to unlock and, yes, it goes instantly and directly to whatever screen or app it was on when I last locked it.

    What you are proposing is that I either inconvenience myself one way (phone constantly unlocks unintentionally) or the other way (phone requires me to swipe away the lock screen). Both options suck and, frankly, are a stupid design decision.
    10-24-2019 08:29 AM
  21. Almeuit's Avatar
    That's hardly an answer, though.

    With the FPS on my 3XL and previous phones, *I* decide when I want the phone to unlock and, yes, it goes instantly and directly to whatever screen or app it was on when I last locked it.

    What you are proposing is that I either inconvenience myself one way (phone constantly unlocks unintentionally) or the other way (phone requires me to swipe away the lock screen). Both options suck and, frankly, are a stupid design decision.
    It is the answer... That's how the phone is now. So that's definitely the answer.. the only other is buy another phone.
    10-24-2019 10:51 AM
  22. Mr Segundus's Avatar
    I'd change every one of those passwords and keep the password managing app closed at all times. I agree with you that a fingerprint sensor would've prevented the app from opening.
    10-24-2019 11:09 AM
  23. Morty2264's Avatar
    I’m interested to see what the Pixel 4a series offers.
    Good point! Hopefully they'll add another method of security with the 4a line.
    10-24-2019 02:03 PM
  24. Ben_70's Avatar
    I wonder if they could code in an option to tie it to a button. In particular, the whole phone squeezie thing. I know some people use that for Google Assistant, I don't. But you press a button, that triggers the phone to look at you and then unlock. You get all the functionality of a biometric unlock while still having a choice as to when it's triggered. It wouldn't be 100% hands free any more, but as an option I'd take it over the way they've got it set up currently.
    Good thought. And it wouldn't even need to be assistant OR unlock...simply add a short squeeze for GA and long squeeze for unlock (like recent HTC phones).
    Morty2264 likes this.
    10-24-2019 08:36 PM
  25. Almeuit's Avatar
    LastPass is now officially updated.

    10-24-2019 08:55 PM
30 12

Similar Threads

  1. Check'n in
    By Postoid in forum New to the Forums? Introduce Yourself Here!
    Replies: 11
    Last Post: 10-31-2019, 08:19 AM
  2. Is the performance difference shown in this video really this drastic?
    By KillerQ in forum Google Pixel 4 & Pixel 4 XL
    Replies: 4
    Last Post: 10-23-2019, 10:07 PM
  3. accidently wrote wrong email in samsung pls help
    By Android Central Question in forum Ask a Question
    Replies: 2
    Last Post: 10-23-2019, 09:14 AM
  4. accidently wrote wrong email in samsung pls help
    By Android Central Question in forum Ask a Question
    Replies: 0
    Last Post: 10-23-2019, 07:51 AM
  5. Replies: 1
    Last Post: 10-23-2019, 03:44 AM
LINK TO POST COPIED TO CLIPBOARD