It’s the kind of moment that makes your stomach drop—the second time it happens.
The Face ID security flaw wasn’t supposed to be something you could witness, let alone repeat. Apple said the odds were one in a million. Yet in a small office in Nanjing, one woman watched her coworker unlock her phone. Then do it again on a brand-new device.
Same result. Different phone.
The Surprising Fact
Apple introduced Face ID as a major step forward in smartphone security, claiming a false unlock rate of just 1 in 1,000,000. For most people, that number feels airtight.
But that statistic assumes a random stranger.
What it doesn’t account for—at least not in the way most users understand—is how those odds change when someone looks a lot like you.
In this case, they dropped to zero.
What Happened in Nanjing
The story began shortly after the release of the iPhone X in 2017. A woman in Nanjing, China, set up Face ID on her new phone like millions of others. No issues. No warning signs.
Then a coworker picked it up and unlocked it.
At first, it felt like a glitch. Something temporary. Apple was contacted, and the device was replaced. A fresh start. A clean system.
She registered her face again.
The coworker tried again.
It unlocked again.
That was the moment it stopped feeling like a fluke.
Apple eventually issued a full refund, acknowledging the issue after initially disputing it. The two women were not related. No shared DNA. Just similar enough features to pass the system’s checks.
How Face ID Actually Works
Face ID doesn’t see faces the way humans do.
It projects more than 30,000 invisible infrared dots onto a face, building a depth map. Then it compares that structure to the stored data using Apple’s neural engine.
In simple terms, it’s not looking for “you.” It’s looking for a pattern that matches closely enough.
That distinction matters.
Because if two faces fall within that acceptable range, the system treats them as the same.
Over time, Face ID also adapts. Each successful unlock can slightly update the stored model to account for changes—lighting, facial hair, aging.
Which raises a quiet concern.
If two similar faces are repeatedly accepted, the system may learn both.
Why This Isn’t an Isolated Case
The Nanjing incident gained attention because it was repeatable and documented. But it wasn’t the only case raising questions about biometric authentication reliability.
Security researchers from Vietnamese firm Bkav demonstrated that Face ID could be fooled using a specially designed mask. It wasn’t cheap or easy, but it showed the system had limits.
Identical twins have consistently reported unlocking each other’s phones.
Parents have shared stories of children gaining access without permission.
On Reddit, threads with hundreds of replies describe partners unlocking devices after repeated exposure—sometimes unintentionally.
One pattern keeps showing up.
The risk isn’t random strangers.
It’s familiar faces.
Daily Life Impact
For most users, Face ID works smoothly. It’s fast, convenient, and usually accurate. That’s why it replaced fingerprint sensors on many devices.
But cases like this highlight a different kind of risk—one that feels more personal than statistical.
If you work closely with someone who resembles you, or live with someone who shares similar features, the system’s margin for error becomes more relevant.
Not because it fails often.
But because when it does, it’s not random.
It’s someone you know.
And that changes how people think about mobile phone security.
Real Obstacles and Skepticism
Apple has addressed some concerns over time. Updates improved attention detection, requiring users to look directly at the device. Later versions adapted to masks and partial facial coverage.
Still, experts continue to stress one point.
Biometric security is about convenience, not absolute protection.
Security analysts often recommend combining Face ID with a passcode, especially for sensitive data. Because while the technology is advanced, it still operates within thresholds—not certainty.
Even Apple has acknowledged that similarity reduces accuracy, particularly among twins and siblings.
The Nanjing case simply expanded that category.
The Detail That Makes It Real
Two unrelated coworkers.
Same unlock.
Twice.
That detail is what made the story spread across tech forums, news outlets, and social platforms. It challenged the idea that only genetic similarity could confuse the system.
And it forced a quieter question into the open.
How many people out there look just similar enough?
Conclusion
In the end, the woman in Nanjing didn’t keep the phone. Apple refunded it, and the case faded from headlines as newer updates rolled out.
But the moment stayed.
Not because the system failed once.
Because it failed the same way twice, in front of the same two people, with no randomness involved.
The next real test for Face ID isn’t a new feature or update.
It’s whether it can tell the difference between you—and someone who just looks close enough.
