Apple’s Face ID can work against law enforcement - too many failed attempts with the 'wrong' face can force the iPhone to request a potentially harder to obtain passcode instead.
Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too.
According to Motherboard, one company Elcomsoft specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.
According to a leaked slide with the headline "iPhone X: don't look at the screen, or else”.
Elcomsoft highlights the case of Apple's 2017 presentation of Face ID, in which Craig Federighi, Apple's senior vice president of software engineering, tried, and failed, to unlock an iPhone X with his own face.
The phone then asked for a passcode instead. "This is quite simple. Passcode is required after five unsuccessful attempts to match a face," Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple's own documentation on Face ID. So by looking into a suspect's phone, the investigator immediately loses one of the attempts."