App Developer Access To iPhone X Face Data Spooks Some Privacy Experts

A reader shares a report: Apple won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself. But Apple's privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player's real-world facial expressions. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters. App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.

Time to up your meds

[Brannon]

1. your thumb-print never leaves the secure enclave of an iPhone, it's not stored electronically anywhere, there's no path for it to be extracted electronically at all. It would be *way* easier to get your thumb print off of a glass then it would to try to electronically hack it out of an iPhone

2. FaceID doesn't use 'image processing' because it doesn't use images, it uses infra-red depth sensing. If you just use it for authentication then it's basically the same deal as the thumbprint; secure enclave and whatnot--it doesn't leave your phone.

3. Apple does not sell your info, ever. Not because they are a naturally good or noble company, but because they would make less money if they did so. Their business model is based on selling physical pieces of hardware, not selling their customer data. They are basically the opposite of Google.