The demand for contactless biometric authentication has significantly increased during the COVID-19 pandemic and beyond to prevent the spread of Coronavirus. The global pandemic unexpectedly affords a greater opportunity for contactless authentication, but iris and facial recognition biometrics have many usability, security, and privacy challenges, including mask-wearing and presentation attacks (PAs). Mainly, liveness detection against spoofing is notably a challenging task as various biometric authentication methods cannot efficiently assess the real user's physical presence in unsupervised environments. Although several face anti-spoofing methods have been proposed using add-on sensors, dynamic facial texture features, and 3-D mapping, most of them require expensive sensors and substantial computational resources, or fail to detect sophisticated 3-D face spoofing. This article presents a software-based facial liveness detection method named Apple in My Eyes (AIME). AIME is intended to detect the liveness against spoofing for mobile device security using challenge-response testing. AIME generates various screen patterns as authentication challenges, then passively detects corneal-specular reflection responses from human eyes using a frontal camera and analyzes the detected reflections using lightweight machine learning techniques. AIME system components include challenge and pattern detection, feature extraction and classification, and data augmentation and training. We have implemented AIME as a cross-platform application compatible with Android, iOS, and the Web. Our comprehensive experimental results reveal that AIME detects liveness with high accuracy at around 200-ms against different types of sophisticated PAs. AIME can also efficiently detect liveness in multiple contactless biometric authentications without any costly extra sensors nor involving users' active responses.