The Pixel 9 Pro Fold has a more secure face unlock than the original Pixel Fold

Out of all the new smartphones in the Google Pixel 9 series, the Pixel 9 Pro Fold is undoubtedly the biggest step up from its predecessor. Google’s second-gen foldable is much sleeker, thinner, and faster than the first-gen model, so much so that AP’s Will Sattelberg felt like he was holding a Pixel Fold 5 instead of a Pixel Fold 2 during his initial hands-on. Apart from the many hardware upgrades, the Pixel 9 Pro Fold also has some minor improvements that give it a leg up over the original Pixel Fold. One of those improvements is a more secure face unlock mechanism in the Pixel 9 Pro Fold.

The Pixel 9 Pro Fold, like the original Pixel Fold, can enroll your face or fingerprint as biometric authentication methods. On the original Pixel Fold, either biometric can be used to unlock the device, but only your fingerprint can be used to unlock banking apps or other sensitive apps. In contrast, face unlock on the Pixel 9 Pro Fold can be used to verify your identity in apps. This is evidenced by the fact that under Settings → Security & privacy → Device lock → Fingerprint & face unlock, the Verify it’s you in apps toggle lists both fingerprint and face in the description on the Pixel 9 Pro Fold.

Left: “Fingerprint & Face Unlock” settings on the original Pixel Fold (credits: Anh on Discord). Right: Those same settings on the new Pixel 9 Pro Fold.

What this means is that, on the Pixel 9 Pro Fold, apps that utilize the BiometricPrompt API to challenge the user to unlock the device using a secure biometric will accept either the user’s face or their fingerprint. In contrast, those same apps running on the original Pixel Fold will only accept the user’s fingerprint. For example, many of the best password managers use the BiometricPrompt API to allow the user to securely unlock their password database; these password managers can only be unlocked via the user’s fingerprint on the Pixel Fold, which can be tricky to press when the phone is unfolded as it’s so wide. Face unlock is simply much faster and more convenient on larger devices, but it’s rare for Android devices to have a face unlock mechanism that’s secure enough for unlocking apps.

The Pixel 9 Pro’s face unlock is likely a Class 3 biometric

The reason why secure face unlock is so rare is simply because most Android devices lack the hardware that makes it secure. Most face unlock mechanisms on Android devices rely on a single, front-facing RGB camera. With only one camera, it’s impossible to capture true depth information, meaning face unlock can only work with 2D images of a person’s face. Through machine learning algorithms that are often supplied by third-party vendors, most Android devices are able to quickly determine whether a 2D image of a person’s face matches the face enrolled through face unlock. These algorithms are generally good at detecting liveness as well as basic spoofing attempts, but they aren’t good enough to meet Android’s highest security classification for biometric authentication methods, which is what stops them being used to unlock apps.

Biometric authentication methods are classified into three tiers. From most secure to least secure, they are Class 3, Class 2, and Class 1. Biometrics of all classes can be used to unlock a device, but only those classified as Class 2 or Class 3 can integrate with the BiometricPrompt API, with the latter also being able to integrate with the system Keystore.

Every device’s biometric authentication methods have to be tested by a lab to classify them. The metrics used to measure biometric security performance are the Spoof Acceptance Rate (SAR), Imposter Acceptance Rate (IAR), and False Acceptance Rate (FAR). How a biometric performs on these metrics determines what biometric security class it falls under, as shown in the table embedded below.

The fingerprint unlock on both the Pixel Fold and the Pixel 9 Pro Fold is a Class 3 biometric, but the face unlock on the original Pixel Fold is a Class 1 biometric. While we aren’t 100% sure that face unlock on the Pixel 9 Pro Fold is a Class 3 biometric since we don’t have one on hand, it’s very likely Class 3 given past history.

See, the Pixel 9 Pro Fold isn’t even the first Pixel phone to support secure face unlock. Technically, that would be the Pixel 4, which had dedicated 3D face unlock hardware. But more recently, last year’s Google Pixel 8 series launched with a Class 3 face unlock mechanism that relied on a single camera. It would thus be surprising if Google shipped a less secure face unlock on its future devices.

Although we didn’t confirm it during our hands-on time at the recent Made by Google event, we presume the Pixel 9, Pixel 9 Pro, and Pixel 9 Pro XL also have a Class 3 face unlock biometric, even though Google’s support page hasn’t been updated to reflect that yet. No matter which device in the Pixel 9 series you pick up, you can be confident that its face unlock is secure enough to verify your identity in your most sensitive apps.