IPhone X Face Data Can Be Shared With Developers

Phil Schiller Appleā€™s senior vice president of worldwide marketing announces features of the new iPhone X including Face ID

The company's executives at the time made an effort to placate privacy concerns with talk of strict on-device storage and end-to-end encryption, but did not mention third-party developer access.

Apple is allowing app developers to gain access to face data stored on iPhone X handsets, once permission is granted by individual users so that they can build apps using their facial features. The iPhone maker has always maintained that new features don't have to come "at the expense of your privacy and security". Privacy experts are concerned about the inability to control what developers do with the information when it leaves the smartphone, as well as whether the company's disclosure policies correctly alerts users about how the data is being used.

The Face ID data is transferred to Apple's Secure Enclave, according to the feature's security paper. A number of privacy groups, including the American Civil Liberties Union and the Center for Democracy and Technology, are now anxious that Apple may not be able to control how developers will use their access to sensitive biometric data once they transfer such data to their individual servers. That requires a mathematical representation of the user's face and not merely a visual map. Yet developers do still have access to a "rough" map of a user's face, as Reuters puts it, along with as many as 50 facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances. Developers won't be able to unlock a person's iPhone X with the information.

The data that developers have access to is not the same as that used by Face ID, and it can not be used to unlock devices. The data can be removed from the phone and stored on the developer's own servers.

The contracts seen by Reuters make it clear that app developers must "obtain clear and conspicuous consent" from users before they do anything with facial data, and make it clear that data can only be collected and used for legitimate reasons relating to the functioning of an app. Developers are banned from de-anonymizing user data, and for using it for advertising or marketing purposes. Naturally, iOS will also continue to ask users to grant permission for an app to access any of the cameras on the iPhone X, although it's not yet clear whether a separate core iOS authorization will be required to access the TrueDepth camera's advanced facial recognition capabilities.

"It means household names probably won't exploit this, but there's still a lot of room for bottom feeders."

"When using Face ID, the app is notified only as to whether the authentication was successful; it can't access Face ID or the data associated with the enrolled face", the document says.

Related:

Comments

Latest news

Apple CEO Says There's a Greater Issue Than Russian Facebook Ads
Addressing the privacy concerns, Cook said all the media companies and even tech companies are not the same. Moving away from social media, Cook bemoaned the current state of U.S. corporate tax rates.

Credit Suisse Q3 net income 244 mln Sfr; CET1 ratio 13.2 pct
The lender said it is "confident" it would finish the year with cost savings under its target of 18.5 billion Swiss francs. The bank kept a cautious outlook for the year ahead due to political and monetary policy uncertainties.

See Inside! This Apartment Is Made Entirely of LEGO Bricks
State of the art home security: just throw some bricks on the floor before leaving! Airbnb is giving one family the chance to have the house to themselves.

Ball Corporation (BLL) Holdings Boosted by Cubist Systematic Strategies LLC
Following the transaction, the chairman now directly owns 407,575 shares in the company, valued at approximately $16,788,014.25. Zacks Investment Research cut Ball Corporation from a "hold" rating to a "sell" rating in a report on Monday, October 16th.

Tesla Delays Model 3 Production, Posts Q3 Loss of $671 Million
The company reported an adjusted loss per share of $2.92, higher than Thomson Reuters estimated at $2.29. Tesla shares dropped by as much as 5.4% on the news in after-hours trading, before recovering slightly.

Other news