This is a long review, chock full of detail. Definitely worth your time.
A few pieces on Face ID, just to give you a taste:
Here’s where there’s a difference between Touch ID and Face ID: Touch ID throws away the original enrollment images of your fingerprints almost immediately. Face ID keeps the original enrollment images of your face (but crops them as tightly as possible so as not to store background information). That’s for convenience. Apple wants to be able to update the neural networks for Face ID without you having to re-register your face each time.
The True Depth camera reads the data and captures a randomized sequence of 2D images and depth maps which are then digitally signed and send to the Secure Enclave for comparison. (Randomization also protects against spoofing attacks.)
The portion of the Neural Engine inside the Secure Enclave converts the captured data into math and the secure Face ID neural networks compare it with the math from the registered face. If the math matches, a “yes” token is released and you’re on your way. If it doesn’t, you need to try again, fall back to passcode, or stay locked out of the device.
None of the neural networks have yet been trained to distinguish multiple registered faces. They can tell you or not you, but not you, someone else, and not either of you. That’s a level of complexity beyond the first iteration of the system. Right now, very few people reportedly register multiple fingers for Touch ID, but Apple could add that functionality to a future implementation of Face ID, if there’s significant demand.
Yesterday, we posted an op-ed from Ben Lovejoy saying:
My guess is that doing all these checks for more than one person would make face-recognition noticeably slower than Touch ID, and Apple was concerned that reviewers and consumers alike wouldn’t respond well to that. That, I think, is the real reason Apple limits Face ID to a single face.
Rene’s take is that the system was not yet designed to handle more than a single face, that it’s not an issue of CPU performance, but of neural network design. All interesting.
One last excerpt, that connects to something we posted earlier this morning, about the ACLU and privacy concerns:
What developers can’t do is get your face data. Just like apps never got access to your fingerprints with Touch ID, they never get access to your face data with Face ID.
Once the app asks for authentication, it hands off to the system, and all it ever gets back is that authentication or rejection. Apple has a separate system, built into ARKit, the company’s augmented reality framework, that provides basic face tracking for Animoji or any apps that want to provide similar functionality, but it only gets rudimentary mesh and depth data, and never gets anywhere near Face ID data or the Face ID process.
This is just a tiny taste of Rene’s review. A fascinating read. One smart cookie.