Biometric security has become increasingly popular over the last few years. Apple built fingerprint scanning into the iPhone, Microsoft uses face scanning in the Windows Hello feature, and ZTE was among the first to adopt eye scanning in a consumer device with the ZTE Grand S phone. Samsung built all those scanners into the new Galaxy S8 and S8+, but it clearly favors facial and iris recognition over plain-ol’ fingerprint scanning.
That preference is made clear in the Galaxy S8’s promotional materials. Samsung pays special attention to iris scanning–it’s listed first on the phone’s security page and has more space devoted to it than other features. That’s at least partly because recognizing someone’s eye is more novel than scanning their finger, which makes it a selling point for a new flagship product, but it also seems like Samsung flat-out wants you to use the feature.
The fingerprint scanner’s position on the Galaxy S8 and S8+ supports that idea. It’s not located at the bottom of the display, like it is with many other phones, but is instead placed right next to the rear camera. That surely helped minimize the phone’s bezel (one of the Galaxy S8’s main design changes) yet it also means the scanner is placed near the top of a 184.9mm or 159.5mm tall phone. How easy will it be to reach there?
Combine the phone’s marketing with that fingerprint scanner placement and you’ll probably end up with many Galaxy S8 and S8+ owners opting for iris or facial recognition over their less convenient counterpart. That could become a problem if those people then want to make sure nobody can access their smartphone without their permission, especially as governments around the world start to collect more biometric information.
Not that some of those governments will have to start from scratch. A study from the Georgetown Law Center on Privacy & Technology from 2016 found that 50% of American adults are in at least one facial recognition network used by law enforcement organizations. The study also found that these systems are “unregulated” and that only a “few agencies have instituted meaningful protections to prevent the misuse of the technology.”
Those photographs might allow law enforcement to access smartphones that rely on iris or facial recognition. It’s not guaranteed–it depends on how closely Samsung identifies various markers, the quality of law enforcement agencies’ photographs, and other factors–but it is a possibility. So too is US law enforcement’s ability to make people unlock biometrically secured phones even though they can’t do so with password-protected devices.
Governments could also follow Singapore’s lead in requiring biometric data for official documents or materials. That country decided in December 2016 that, starting in January 2017, anyone registering for or renewing the registration on a National Identity Registration Card or passport must have an image of their iris collected. Others also require people to, erm, hand over their fingerprints if they want a passport or other document.
This means the path of least resistance for the Galaxy S8 and S8+ also provides the least protection against unwanted access to the device. You’re better off using a fingerprint than your iris or face, and it’s best to forgo biometric security entirely in favor of a passcode or password, at least when it comes to legally accessing your device. (A password doesn’t help if, say, an abusive spouse demands access to your phone.)
All that said, many people might actually be more secure if they use the iris or facial recognition on the Galaxy S8 and S8+ when they debut. That’s because Pew found in January that, among other personal security failings, many Americans don’t use any type of screen lock for their smartphones. That introduces another shade of gray to the issue: even flawed precautions, after all, are better than no protections at all.