Some people are griping about Face ID, noting that sometimes their siblings can open their iPhone Xs using Face ID. There’s a simple reason for this.
When your sibling who kind of looks like you unsuccessfully tries to unlock your phone using their face and then you enter your password, you’re accidentally training Face ID on your sibling’s face. Therefore, if that same person tries to unlock your phone using their face, it’s possible the phone will unlock.This is a characteristic of the machine learning capabilities behind Face ID.
Apple very clearly lays this out in a support document about Face ID. Since we all know no one reads those, here’s the key part from the privacy section (emphasis ours): “This data will be refined and updated as you use Face ID to improve your experience, including when you successfully authenticate. Face ID will also update this data when it detects a close match but a passcode is subsequently entered to unlock the device.”
Face ID is constantly working to learn your face better, and it’s important that it does. As TC EIC Matthew Panzarino noted in his interview with Craig Federighi:
There is an adaptive feature of Face ID that allows it to continue to recognize your changing face as you change hair styles, grow a beard or have plastic surgery. This adaptation is done completely on device by applying re-training and deep learning in the redesigned Secure Enclave. None of that training or re-training is done in Apple’s cloud. And Apple has stated that it will not give access to that data to anyone, for any price.
TL;DR If you’re testing Face ID with people who kind of look like you, don’t enter your passcode right away.