Unveiling the Vulnerabilities: The Biometric Security Risks of Android Phones

Which? has uncovered a concerning security flaw that affects nearly two-thirds of modern smartphones.

According to Which?, out of the 208 phones tested since 2022, a significant 64% (133 phones) could have their facial recognition systems tricked by a simple 2D photo.

Several well-known brands, including Asus, Samsung, Motorola, and Xiaomi, were among those that failed to pass this basic security test.

While budget and mid-range models are primarily affected, even high-end devices like the Oppo Find X9 Pro and Samsung Galaxy S25 range were found to be vulnerable.

The year 2024 saw an increase in the number of phones susceptible to the 2D photo hack, with 72% failing the test.

Notable exceptions to this security flaw include recent Google Pixel and Samsung Galaxy S26 models, which passed the test successfully.

Apple’s iPhone range, known for its advanced 3D facial recognition technology, also emerged unscathed from the security test.

Time to face the reality

The issue of facial recognition vulnerability is not new, and most Android phones that fail the test will display a warning message during setup.

However, Which? has expressed concerns that certain manufacturers, such as Motorola, OnePlus, and Nothing, do not adequately inform users about the limitations of their facial recognition systems.

While these insecure systems may not be used for mobile payments, they can still grant access to personal data like photos, messages, and emails, potentially enabling unauthorized access to accounts.

The recommended solution for users with affected phones is to avoid using facial recognition altogether and rely on more secure methods like PIN codes and fingerprint authentication.

Alternatively, some Android phones allow users to secure sensitive apps like WhatsApp with PIN or fingerprint protection, limiting the use of 2D facial recognition to unlocking the device.