Since its introduction with the iPhone X in 2017, Apple’s Face ID has become one of the most widely used biometric authentication systems in the world, often praised for its convenience and technological sophistication. Yet, like any system that relies on human biology, it has its share of limitations: reports of identical twins, close relatives or young children occasionally unlocking a parent’s device have circulated since its debut.

Beyond these anecdotal cases, however, a steady stream of academic researchers, security analysts, and hackers have tested the resilience of Face ID against deliberate and technically advanced attacks. In this article, we try to analyze the available sources and make a conclusion about the real security of Apple Face ID.

Biometric face unlock is not unique to Apple, and its implementations vary widely across platforms. On Android devices, the spectrum ranges from highly robust systems such as Google’s Pixel 4, which briefly featured secure 3D facial recognition, or Samsung’s high-end models combining infrared depth sensing with liveness detection, to far less rigorous approaches that rely only on a two-dimensional selfie camera and can be fooled by a printed photograph. In Microsoft land, Windows Hello introduced infrared camera-based authentication to the PC market, bringing facial recognition into the office environment. In this article, however, the focus will remain on one particular ecosystem: Apple’s Face ID, found in iPhones since the iPhone X and in several iPad Pro models, whose reliance on structured-light depth mapping has made it a benchmark for consumer-grade facial authentication.

From the moment it was introduced back in 2017, Face ID provoked debate over its resilience to impersonation, with Apple itself warning that close relatives or young children might trigger false matches. The new technology was getting close attention from the press, and early evidence confirmed that identical twins could indeed unlock one another’s devices. Later academic work extended this concern into the realm of “sameface” vulnerabilities, where synthetic or so-called “master faces” generated with machine learning were shown to match multiple identities in commercial recognition systems, raising the possibility of cross-user collisions. However, none of that work posed direct threat to Apple’s implementation; spoofing Apple Face ID required precise measurements and 3D printing of a silicone mask, which severely limited real-life usefulness of the bypass. And indeed, while Vietnamese firm Bkav published controlled demonstrations of composite masks combining 3D printing, silicone, and 2D images to bypass authentication in their lab, later attempts by journalists and professional mask makers reported consistent failure to replicate the bypass under realistic conditions. Still others explored tampering with liveness detection, showing that Apple’s attention-awareness feature could be manipulated under certain setups. Still, such researches are limited to narrow, proof-of-concept scenarios rather than casual exploits. Let us check those researches a bit closer.

Timeline

2017-09-12, The Guardian, Alex Hern, Live demo of Face ID on the iPhone X failed during Craig Federighi’s keynote. Apple later explained the device had been handled backstage so Face ID required a passcode rather than indicating a systematic bypass.

Practical implication: expected behavior. Apple said Face ID behaved as designed (demo setup error), not a security breach.

2017-11-03, WIRED, David Pierce; Junho Kim; Jordan McMahon. WIRED hired biometric hackers, a Hollywood face-caster and makeup artist to reproduce a target face and attempted many physical-mask and prosthetic approaches to spoof Face ID.

Practical implication: fail. Despite extensive, costly efforts the team failed to reliably spoof Face ID; the system appeared robust to their methods.

2017-11-12 (reporting 2017-11-14), Reuters, npr.org. Mai Nguyen (reporting on Bkav), Vietnamese security firm Bkav published videos and a writeup showing a composite 3D-printed + silicone + paper-mask that could unlock an iPhone X in their demos.

Practical implication: iffy. Bkav claimed success but demonstrations required detailed measurements/angles and were met with skepticism; Apple and many researchers characterized the attack as expensive, specialist, and not a broad practical threat.

2017-11-14, WIRED, David Pierce (reporting). Multiple anecdotal demonstrations (including a 10-year-old unlocking a parent’s iPhone X and reports about identical twins) showed that very close relatives or children can sometimes unlock Face ID.

Practical implication: family/twin edge-cases reduce absolute security. Apple acknowledged higher false-match risk among young children and warned about close relatives.

2019-03, IWBF, Research Gate (conference proceedings), Raghavendra Ramachandra et al. Empirical study using custom 3D silicone face masks against commercial face-recognition systems (mobile devices included) to measure vulnerability and evaluate PAD (presentation-attack-detection) countermeasures.

Practical implication: not directly applicable to Apple Face ID, but high-quality custom masks can successfully spoof some commercial systems and reveal gaps in PAD generalization.

2019-07-29, Black Hat USA white paper (full PDF), Yu Chen; Bin Ma; Zhuo Ma (Tencent Xuanwu Lab). Detailed analysis and demonstrations of “liveness-detection” attacks across biometric systems including Face ID: they reversed Face ID’s attention-detection behavior and proposed low-cost “X-glasses” and hardware-injection techniques to bypass attention/liveness checks.

Practical implication: possibility of face unlock while the victim is sleeping by spoofing the attention detection mechanism. The researchers were able to reverse the attention detection mechanism of FaceID and demonstrated how to use glasses and tape to unlock the FaceID while victim is sleeping.

2021-09-08 (arXiv preprint), Huy H. Nguyen; Sebastien Marcel; Junichi Yamagishi; Isao Echizen. “Master Face” research using GAN-based generation and latent-vector evolution to create synthetic faces that match many enrolled identities (digital and printed presentation attacks).

Practical implication: not directly related to Apple Face ID; targets much simpler face recognition systems. Proves that such systems are vulnerable to generated “master faces” in some settings, highlighting new digital/physical presentation-attack vectors.

2023 (survey), D. Sharma et al. Comprehensive survey of face presentation-attack detection (PAD) methods reviewing print/replay/3D-mask and deepfake attacks and PAD countermeasures – documents progress and the persistent generalization gap of PAD systems.

Practical implication: not directly related to Apple Face ID; the major claim is that face identification systems can be vulnerable to emerging spoofing techniques unless continuously updated. Demonstrated that presentation-attack detection techniques improved over time, but still struggle to generalize to novel or high-fidelity attacks.

2025-02 (journal/conference, IEEE Computer Society), Z. Wu et al. (Multi-Modal spoofing research / “DepthFake”-style work). Demonstrations of advanced attacks that project or synthesize structured-light/depth perturbations (e.g., projecting crafted patterns or using physics-aware projections) to defeat active-depth and liveness sensors used by 3D face-authentication systems.

Practical implication: not directly related to Apple Face ID; a largely theoretical work demonstrating that emerging attacks can target the depth/liveness channels themselves (not just RGB), posing direct threats to structured-light systems similar in principle to Face ID’s TrueDepth if such attack techniques are adapted and operationalized.

Notable cases

Some speculations about Apple Face ID turned to be false. One such allegation was originated from an early report stating that Apple Face ID shows better reliability on white faces while delivering lower performance (in false positives/false negatives) when scanning faces of black origin. These unsubstantiated rumors consistently circulated among the press until NIST in 2019 published a report on some 189 facial recognition algorithms for racial bias. The report shows that, while many of these algorithms were 10 to 100 times more likely to inaccurately identify a photograph of a black or East Asian face, compared with a white one, Apple Face ID not one of such algorithms.

One particularly notable case of how Face ID played an important role happened in April 2019, when Saudi sisters Maha and Wafa al-Subaie fled the kingdom by secretly taking their father’s phone and using the government Absher app to grant themselves travel permission, enabling them to board a flight to Turkey and later reach Georgia where they sought asylum (Business Insider). The case drew international attention (The Guardian) to how Saudi Arabia’s male-guardianship system and digital tools restricted women’s freedom of movement, and in August 2019 the kingdom announced legal reforms allowing women aged 21 and over to obtain passports and travel abroad without guardian approval (Reuters).

Conclusion

Over time, Face ID has demonstrated not only durability against the early wave of laboratory mask spoofs but also resilience in the face of more sophisticated emerging threats, from synthetic “master faces” to sensor-channel tampering. Apple’s incremental hardening of the system, both in hardware and in liveness-detection software, has meant that while academic demonstrations highlight theoretical avenues of attack, there are no recent, reproducible reports of successful circumvention in the wild.

For law enforcement, this resilience carries particular weight: the system is designed so that biometric unlock privileges expire after a short interval of inactivity or after several failed attempts, forcing the device revert to passcode authentication. In practice, this means that unless the phone is seized while active and recently unlocked, investigators cannot realistically rely on biometric bypass.