Mandatory Facial Authentication Introduced for Mobile Phone Activation

Apple’s iPhone has long been regarded as one of the most secure smartphones, largely due to its closed operating system (iOS) and strict App Store review process, which limit the distribution of malicious applications. However, controversy arose in South Korea in 2019 when an elementary school student unlocked his father’s iPhone using facial recognition and made unauthorized in-app purchases worth approximately 10 million won.

Facial recognition technology identifies individuals by converting biometric features—such as the position and shape of the eyes, nose, mouth, and facial contours—into numerical data. In the past, accuracy was limited by variables including aging and lighting conditions. With recent advances in artificial intelligence and deep learning, however, the technology has improved significantly, enabling near-accurate identification through large-scale facial image training. For example, Google’s photo services can automatically group and suggest albums of people or animals appearing in users’ stored images.

On December 23, South Korea’s Ministry of Science and ICT began a pilot program requiring facial authentication for mobile phone activation, in cooperation with the country’s three major telecom operators and 43 budget mobile service providers. The measure aims to prevent the use of illegally obtained or forged identification documents to open mobile lines, which are often exploited for voice phishing and other financial crimes. The government plans to expand mandatory facial authentication to all mobile phone activations starting March 23 next year.

China implemented a similar policy in December 2019, but multiple issues were reported. Telecommunications fraud persisted, while cases involving leakage and illegal trading of facial data emerged. In addition, elderly individuals and people with disabilities reportedly faced difficulties in passing facial recognition, leading to denied mobile service access. These concerns prompted the Chinese government to amend regulations, prohibiting private companies from forcing facial recognition on users.

In South Korea, some citizens have expressed concerns over the collection and potential leakage of facial data. Facial information is a permanent biometric identifier that cannot be changed once compromised. Public anxiety has increased following past hacking incidents involving telecom companies and recent tests showing that bank applications could be accessed using another person’s facial image. The government maintains that only verification results—not raw facial data—are stored, and that biometric information used during authentication is not retained on devices, applications, or management systems.

As hacking technologies continue to advance, no personal data system can be considered entirely secure. Experts note that comprehensive security measures should be firmly established before the full implementation of such systems.