Summary created by Smart Answers AI
In summary:
- Tech Advisor reports that 64% of Android phones tested since 2022 have facial recognition systems that can be easily fooled by simple 2D photos.
- Major brands including Samsung, Oppo and Motorola flagships failed the security tests, while the Google Pixel and Apple iPhone models passed using more secure technology.
- This vulnerability exposes personal data such as photos and emails, making PINs or fingerprint authentication safer alternatives for users.
The UK-based consumer choice organization Which? has revealed a shocking security gap affecting almost two-thirds of modern smartphones.
Which one? reports that of the 208 phones it has tested since 2022, the facial recognition system of as many as 133 (that’s a clear majority of 64%) could be fooled by a simple 2D photo.
The list of brands that violate this crude bypass method is extensive, including Asus, Fairphone, Honor, HMD, Motorola, Nokia, Nothing, OnePlus, Oppo, Realme, Samsung, Vivo, and Xiaomi.
While the report points out that budget and mid-range models are the main weak points here, it’s not exclusively a cheap phone problem. Flagship devices such as the Oppo Find X9 Pro, the Motorola Razr 50 Ultra and the Samsung Galaxy S25 series all failed the test.
According to them, the year 2024 was particularly bad: 72% of the tested phones fell under the 2D photo hack.
Android models that pass this test include recent Google phones, such as the Google Pixel 10, Pixel 9 and Pixel 8, as well as the recent Samsung Galaxy S26 series.
Apple’s iPhone range clearly passes with flying colors, having pioneered good 3D facial recognition technology. The Honor Magic 8 Pro (pictured below), meanwhile, is one of the few phones to use a similarly advanced biometric system.
Chris Hall / Foundry
Time to face the facts
This isn’t a new problem, of course, and most Android phones that fail this test will give you a warning message when you set them up.
However, which one? has expressed concern that some manufacturers are not doing enough to educate users about the inherent weakness of non-3D facial recognition systems.
It specifically mentions Motorola, OnePlus and Nothing as prominent brands that do not warn sufficiently clearly in advance about the disadvantages of their facial recognition systems.
While it is not possible to use these insecure facial recognition systems to authorize mobile payments, they still give access to personal data such as photos, private messages and emails. The latter could in turn give potential thieves the ability to reset account passwords.
The simple answer to this security weakness is for anyone with an affected phone (which is most Android users) to not set up face-based access at all and rely on good, old-fashioned PIN and fingerprint systems.
Alternatively, many Android phones allow you to lock sensitive apps like WhatsApp behind these more secure access mechanisms, so 2D facial recognition only gets you as far as your home screen.
