Millions of Android users warned their phone can be UNLOCKED by anyone using an easy trick

SMARTPHONES by the likes of Samsung, Nokia and Motorola can be fooled into unlocking simply by holding up a photo of the owner, a Which? investigation claims.

Seven major brands were found to have weak face ID tech which millions use to protect their phones and payment apps.

Some of the phones alleged to have weak face ID tech

The consumer champion tested 48 devices and found 19 of them were easily duped.

Photos used weren’t even high quality – just bog-standard print outs on paper.

Of those tested, Xiaomi was found to have the most that failed, totalling seven phones.

Motorola had four, while Nokia, Oppo and Samsung each had two.

iPhone and Android users warned of 3 places you're at risk of nasty bank raid

I'm a tech expert – check Android and iPhone for app 'red flag' and delete it

Honor and Vivo had one.

All the Apple iPhones Which? tested passed the spoofing tests.

The consumer rights group is now urging anyone who owns one of the affected handsets to switch off face recognition now and use a fingerprint sensor or PIN instead.

“It’s unacceptable that brands are selling phones that can easily be duped using a 2D photo, particularly if they are not making their customers aware of this vulnerability,” said Lisa Barber, Which? Tech Editor.

Most read in Phones & Gadgets

“Our findings have really worrying implications for people’s security and susceptibility to scams.”

The affected handsets are:

Honor 70
Motorola Razr 2022, Motorola Moto E13, Motorola Moto G13, Motorola Moto G23
Nokia G60 5G, Nokia X30 5G
Oppo A57, Oppo A57s
Samsung Galaxy A23 5G, Samsung Galaxy M53 5G
Vivo Y76 5G
Xiaomi POCO M5, Xiaomi POCO M5s, Xiaomi POCO X5 Pro, Xiaomi 12T, Xiaomi 12T Pro, Xiaomi 12 Lite, Xiaomi 13

Which? notes that users in the UK can make contactless payments with Google Wallet up to £45 without needing to unlock the phone using face verification.

Google said that for higher value transactions, users must use a more secure Class 3 biometric unlock.

This should mean that people using the models that Which? was able to spoof are not able to complete transactions over £45 if face recognition is being used to unlock the phone.

Samsung responded that it provides various levels of biometric authentication, with the highest level of authentication from the fingerprint reader.

Nokia confirmed its affected phones have facial recognition software that do not have privileges in third party apps, and they tell customers that the phone can be unlocked by someone who looks a lot like them.

In its own testing with printed pictures, it did not register any issues.

Vivo said that it tells customers during the phone’s set up process that face recognition is less secure than other locks they offer – and that they have to review and agree to the noted Privacy Terms before setting up the 2D facial recognition system.

Honor, Motorola, Oppo and Xiaomi did not respond to Which? with comment.