Experts have discovered a critical vulnerability in the security of most Samsung, Xiaomi, Nokia, and Honor smartphones

Vulnerability of biometric unlocking on Android smartphones

Many popular models from Motorola, OnePlus and Samsung use face recognition as a login method. However, researchers discovered that this feature can be easily bypassed: it is enough to show the front camera a regular photo of the owner.

Share of devices that can be bypassed, by year:
* 2022: 64 % (133 out of 208)
* 2023: 53 %
* 2024: 72 %
* 2025: 63 %

The problem affects not only major brands but also companies such as Asus, Fairphone, Honor, HMD, Nokia, Nothing, Oppo, Realme, Vivo and Xiaomi.

Why it is so easy to bypass
Most Android smartphones use a simple 2D recognition system. The front camera records a “flat” image of the face without depth measurement. Therefore the system cannot distinguish a live person from a photograph, or tell two similar faces apart. Some manufacturers made minor improvements, but they remain exceptions: the new Samsung Galaxy S26 turned out to be more reliable than its predecessor.

What is available
* Apple Face ID – 3D system with projection of thousands of invisible points to create a depth map.
* Honor Pro series – some models use a similar technology.
* Google Pixel 8–10 – use a secure variant of the 2D algorithm based on machine learning.

How manufacturers respond
Despite knowing about the issue, most companies do not consider it critical. When a user enables 2D unlocking, a warning is often displayed: “This feature is intended for convenience, not data protection.” In addition, Google Wallet and many banking apps require more reliable methods (PIN, unlock pattern, password or fingerprint) to protect critical data.

What an attacker can gain
If the biometric protection is bypassed, the attacker gains access to:
* conversations in messengers and SMS;
* email and related accounts;
* gallery with potentially confidential documents.

What users should do
1. Disable 2D unlocking or enable a more reliable method (PIN, password, fingerprint).
2. For applications where security is critical (banks, e‑wallets), use separate protection.
3. Keep firmware updated – manufacturers sometimes release patches to improve the biometric system.

Thus, although 2D face recognition is convenient, it does not provide sufficient protection against personal data theft. Users should consider more reliable unlocking options and additional protection for sensitive applications.
