To answer some of those questions, Apple software engineering chief Craig Federighi did a telephone interview with TechCrunch, where he covered topics on privacy, security, and functionality.
TechCrunch‘s Matthew Panzarino, who spoke to Federighi, says he’s heard Face ID is “incredibly reliable” and “very fast,” worth noting because many people have wondered how quickly it works.
According to Federighi, Face ID needs to see your eyes, nose, and mouth, so there are some situations where it won’t work and a passcode will need to be used instead. The limitations are similar to the limitations with Touch ID, which, for example, prevent it from being used with gloves.
“If you’re a surgeon or someone who wears a garment that covers your face, it’s not going to work,” says Federighi. “But if you’re wearing a helmet or scarf it works quite well.”
Panzarino asked Federighi to expand on how the feature works with sunglasses and whether polarization is an issue, following confirmation earlier this week that Face ID is compatible with most pairs. Federighi says polarization isn’t a problem, but there are some lenses that have a coating that blocks IR, and if that’s the case, a customer will need to use a passcode or take them off.
Face ID will work from multiple angles and distances when a device is held at a natural angle, but it needs to see your face.
“It’s quite similar to the ranges you’d be at if you put your phone in front facing camera mode [to take a picture],” says Federighi. Once your space from eyes to mouth come into view that would be the matching range – it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, If you’re using your phone across a natural series of angles it can unlock it.”
When it comes to security, Apple says that all Face ID processing is done on device with nothing uploaded to the cloud or Apple’s servers, a point Federighi reiterated in the interview. Apple collects no data when the TrueDepth camera in the iPhone X scans your face, and the feature that allows Face ID to adapt to appearance changes is done entirely on device.
“We do not gather customer data when you enroll in Face ID, it stays on your device, we do not send it to the cloud for training data,” he said.
When it comes to law enforcement requests for Face ID data, Apple has no data to provide. Your Face ID scan is converted into a mathematical model in the Secure Enclave on the iPhone X, and it can’t be reverse engineered back into a face. As with Touch ID, none of that data is ever sent to Apple. Third-party developers don’t have access, either.
Federighi also expanded a bit on the method Apple implemented to discretely disable Face ID in a situation where someone might steal your phone and attempt to unlock it with your face. On the iPhone X, holding down on the buttons on either side of the device goes to the power down screen, which also disables Face ID. If someone demands your phone, squeeze the buttons to disable Face ID, Federighi suggests.
Face ID will also disable itself after five failed attempts at recognition. Earlier this week, Apple documentation suggested it would be disabled after two failed recognition attempts, but Federighi has clarified that it’s five, just like Touch ID. Apple’s documentation has now been updated accordingly. Also, when the iPhone reboots or Face ID hasn’t been used in 48 hours, a passcode will be required. Additionally, if you haven’t entered a passcode for 6.5 days and Face ID hasn’t been used in the last four hours, Face ID will also be disabled until a passcode is entered.
Federighi’s full interview, which includes more details on how Apple trained Face ID and how it works, can be read over at TechCrunch.