Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Developer Access To iPhone X Face Data Spooks Some Privacy Experts (reuters.com)

Posted by msmash on from the security-woes dept.

A reader shares a report: Apple won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself. But Apple's privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player's real-world facial expressions. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters. App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.

49 of 71 comments (clear)

  1. HACKED BY CHINESE by Thud457 · · Score: 2

    Good luck changing your face when the inevitable data breach happens!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    1. Re:HACKED BY CHINESE by thebes · · Score: 1

      Nicolas cage did just fine!

  2. They can also use your phone, mic, and GPS! by Anubis+IV · · Score: 5, Insightful

    ...of course, you have to give them permission to do so, just the same as with this data, apparently.

    As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you. I'm glad my weather app can grab my current location to give me useful information as I changed locations throughout the day. I'm glad Shazam or whatnot can use the mic to tell me what song is playing. I'm glad my camera apps can access the camera. And it's not outlandish to believe that I may eventually be glad that some form of facial data is getting synced via third-party servers between my devices.

    But that'll be my call to make if and when I ever have a phone with these sorts of features, because without my permission, they can't do jack squat, so this whole topic is rather moot.

    1. Re:They can also use your phone, mic, and GPS! by Anonymous Coward · · Score: 1

      The app shouldn't require facial data from the phone. If it wants facial data, there is a pretty snazzy front-facing camera that can be used on a manual basis. All the authentication stuff should be kept well away from apps, just like how TouchID keeps fingerprint info away from other apps.

    2. Re:They can also use your phone, mic, and GPS! by Aaden42 · · Score: 4, Insightful

      Apps aren't using the data for authentication. The phone still handles auth the same as TouchID. Apps are using face data to make the dog ears and tongue smile and frown along with your face in your selfie app. And possibly other purposes....

    3. Re:They can also use your phone, mic, and GPS! by CaptainDork · · Score: 1

      But that'll be my call to make ...

      Maybe.

      And there lies the rub.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:They can also use your phone, mic, and GPS! by AndyKron · · Score: 1

      What if they do it even if you don't give them permission? It happens all the time.

    5. Re:They can also use your phone, mic, and GPS! by Gravis+Zero · · Score: 2

      ...of course, you have to give them permission to do so, just the same as with this data, apparently.

      As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you.

      Unfortunately, we live in an age where a great deal of people will accept the abuse from Facebook because they believe "[t]he only other option is the self abuse of having no social life."

      I feel like we are only just beginning to experience the consequence of having a society filled with "app addicts".

      --
      Anons need not reply. Questions end with a question mark.
    6. Re:They can also use your phone, mic, and GPS! by Anubis+IV · · Score: 1

      What if they do it even if you don't give them permission?

      How're they supposed to do that? We're talking about app permissions here. The default behavior is to deny apps access to those features until they're explicitly granted permission by the user. If you don't give them permission, they have no ability to abuse it.

    7. Re:They can also use your phone, mic, and GPS! by Anubis+IV · · Score: 1

      But that'll be my call to make ...

      Maybe.

      No, not maybe. This is already how it is. The camera has for years only been accessible to apps after they've explicitly been granted permission by the user, and they'll have a hell of a time collecting facial data without camera access. I suppose they might be able to infer facial data by having us smear the phone all over our faces while using the accelerometer, pressure readings, and gyroscope to infer the shapes of our faces, but at that point you can hardly suggest that they're doing it without your knowledge. :P

    8. Re:They can also use your phone, mic, and GPS! by Anonymous Coward · · Score: 1

      Unfortunately, we live in an age where a great deal of people will accept the abuse from Facebook because they believe "[t]he only other option is the self abuse of having no social life."

      I feel like we are only just beginning to experience the consequence of having a society filled with "app addicts".

      Actually, I love this. Before the 21st century, if one wanted a quiet life of social solitude it meant moving to a monastery high up in the mountains.
      Now, without a Facebook account, I enjoy the digital monastery conveniently located in the middle of an urban center.

      "But what about all the people?" you might ask.
      They aren't looking at me, they're looking at their phones.
      They might be bothering somebody, but they aren't bothering me.

      Bliss.

    9. Re:They can also use your phone, mic, and GPS! by nospam007 · · Score: 1

      "Apps aren't using the data for authentication. The phone still handles auth the same as TouchID. Apps are using face data to make the dog ears and tongue smile and frown along with your face in your selfie app."

      Indeed, the Feds are already working on such an app and they'll get the data for free that way, no need to buy it from another party."

    10. Re:They can also use your phone, mic, and GPS! by stephanruby · · Score: 1

      I long for the day my phone will be able to tell if the person I'm about to have sex with is attractive enough. With beer goggles, one can't be too careful. And with Facebook, the reply from your friends may not arrive fast enough.

    11. Re:They can also use your phone, mic, and GPS! by CaptainDork · · Score: 1

      I'm tempted to google news reports of Apps saying one thing and doing another but I watched the Astros win the World Series late last night, so be a dear and do it yourself, OK?

      --
      It little behooves the best of us to comment on the rest of us.
    12. Re:They can also use your phone, mic, and GPS! by Anubis+IV · · Score: 1

      Hah, the Astros are actually my home team. Not that I really take much interest in the various forms of sportsball, but I can appreciate someone staying up to watch.

    13. Re:They can also use your phone, mic, and GPS! by jellomizer · · Score: 1

      All fine and good, except your argument reminds me of Microsoft Security Statement back in 1998 with the release of Active X (Which unlike Java Applets at the time, can access your files, and do some additional lower level calls to your PC). IE will ask you if it is OK to run the Active X control.
      Now most people are hungry for the content that the site offered, by clicking on the Yes button. So they had opened their system up to being hacked in a moment of a lack in judgement.
      Today we are suffering from a different form of security, where it isn't your system that they want access to just its data. (Lock down the System drives all you want, the important data is in the documents folder, that you can access without admin rights). So using the App to put on a rendered beard or mask, may sound like a fun little toy to play with, until the maker of the app downloads your face specs and sells them to your favorite criminal or semi-criminal company.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    14. Re:They can also use your phone, mic, and GPS! by CaptainDork · · Score: 1

      Yeah, two nights in a row.

      I'm retired, so I'll make it.

      The local Academy sporting goods store is nuts.

      One cashier started her shift at 8 pm yesterday and she left at noon today.

      There's no limit on purchases and some people are buying over a thousand dollars worth of collectibles.

      --
      It little behooves the best of us to comment on the rest of us.
    15. Re:They can also use your phone, mic, and GPS! by crtreece · · Score: 1

      weather app can grab my current location... Shazam or whatnot can use the mic... camera apps can access the camera

      What get me going is when the weather app wants access to the camera, phone, and microphone; Shazam wants to use the camera or location, and they all want access to SMS and your contact list. You really have to pay attention to the permissions you're giving apps, as they tend to want waaaaay more then needed for their core functionality.

      --
      file: .signature not found
    16. Re:They can also use your phone, mic, and GPS! by h4ck7h3p14n37 · · Score: 1

      Remember when cameras came with lens covers and devices had physical switches to turn things off? I'm waiting for one of the phone manufacturers to bring those features back. On the other hand I suppose it's a lot cheaper to just have the customer put a sticker over the camera than add a sliding cover to the phone. Unfortunately there's no good physical way to temporarily disable microphones and GPS, you are forced to trust the software.

    17. Re:They can also use your phone, mic, and GPS! by omfglearntoplay · · Score: 1

      No concern at all. When someone under the age of paranoid computer expert installs a dog face app sees the "allow app access to xxxxx" they will immediately say yes so they can use their app the one time. Eventually someone will abuse this data, and while you and I won't be affected, somebody you know and love might be. Or you know, half the population or something. It is a concern because data on facial mapping is going to be extremely detailed in the iPhone.

    18. Re:They can also use your phone, mic, and GPS! by Paradise+Pete · · Score: 1

      Apps are not getting access to "facial data". They're getting access to the front camera, just like every other stupid app on every platform that does stuff with it.

    19. Re:They can also use your phone, mic, and GPS! by jellomizer · · Score: 1

      The Instagram App, which they show off the real time masks, Uses the Dot projector like the emojis. So to follow your face when you move it and when you change your expressions... It may not be using your FaceID information, but it is getting your face data, for the most part the phone can just render it it locally... But who knows what feature can slip by Apples wall garden, that happens to send this data to the cloud for additional processing.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    20. Re:They can also use your phone, mic, and GPS! by Paradise+Pete · · Score: 1

      It may not be using your FaceID information, but it is getting your face data,

      Yes, it's doing that by using the normal camera that you gave it permission to use. This is true on any phone with a good front facing camera. It has nothing in particular to do with Apple or its restrictions. You use the phrase "walled garden" in this case, but don't you want the OS controlling access to that camera? That's a totally separate notion from the meaning of walled garden, which is a reference to Apple's controlling the app store, not the OS requiring user permission to access features.

  3. Joke of the Day by thomn8r · · Score: 2

    Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties

    My sides! Ow! Please, stop, you're killing me!

  4. Scount's honor! by sinij · · Score: 1

    I agree to seek customer permission via small font legalese hidden in a click-through TOS and I agree not sell the data to third parties, instead I will sell the company with collected data itself.

    1. Re:Scount's honor! by burtosis · · Score: 1

      I, as the CEO and sworn upholder of honesty and integrity for this fine institution, do hereby swear I have not, will not, nor ever will, sell your private information to 3rd parties.

      *Exits the Skype conference with the media* *Turns to COO* - Where you on that new mass quantity discount pricing chart for selling all this great private info? I need to call the bank in Ireland and warn them of all the money trucks arriving.

  5. Duh by 110010001000 · · Score: 3, Insightful

    This is duh. Did you think Apple added this "feature" for security? They added it to get biometric data. No one wants to unlock a phone with a face. Just just a PIN. Most people don't even want to bother with PINs or security at all.

    1. Re:Duh by adosch · · Score: 1

      Exactly. This is yet another way to get ever more biometric data --- Hello to anyone who's been using thumb-print sensors on their phone in the last 2-4 years.

      However, we shouldn't shit on Apple too much; they took some good notes from Facebook and Snapchat. Facial recognition machine learning + image processing is F huge and super polished these days. The pile of selling-point data that another people, companies and businesses want is now instant human body language reaction to their product. Forever, we all think that, super generically, product interest is driven by being ad-bombed or we navigate or drive ourselves there. But just because you went to it, doesn't truly garner a real 'like' to anything --- what if you could 'see' if someone smiled, grinned, made googley-eyes at the millisecond the ad for that widget went by? That right there is what we're talking about and way more.

      In all of this, we are the product, ladies and gentlemen. And as long as we all keep drooling over this shit with millennial reactions of everything being amazing or a game changer and gotta have it, we're fucked.

      I wish my phone was just-a-phone again.

    2. Re:Duh by Bing+Tsher+E · · Score: 1

      Yes, Apple wants to control the trusted data, and maintain the relationship of trust with their customers.

      They don't want anybody else to have that. It's pure gold for them.

    3. Re:Duh by Altus · · Score: 1

      Actually people dont use pins. If the only option you give people is a pin they will choose not to lock their device. We saw this. When apple added thumb print there was a huge jump in the number of devices that were locked and encrypted.

      Sure, you can use a pin.. its more secure anyway (particularly if you go with a long one, or a pass phrase) but the fact is people wont use it. They will use thumb print and they might be more willing to use facial recognition because, if it works flawlessly, all you have to do is look at your phone and its ready to go which is about as low friction as it gets.

      Having more people securing their devices is a good thing and this might help with that. In that respect it is worth it.

      --

      "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

    4. Re:Duh by gtall · · Score: 1

      Yeah, I'll add a pin to the 50 other goddamn pins I have. And I'll add another goddamn password to all the other passwords I have. I'll also remember, because I'm caustically reminded, to change my password every frikken 2 months. Oh, I can get a dongle for creating new passwords that I can carry around wherever the hell I go.

    5. Re: Duh by Karlt1 · · Score: 1

      How does Apple "get" biometric data? The data that Apple uses you unlock your phone never leaves the device. Even if Apple did get it, what use would it be to them?

    6. Re: Duh by Karlt1 · · Score: 1

      Any app can not access the data used for authentication that is stored in the secure enclave that apps don't have access to. Even if they did somehow get enough data to unlock your phone, how would they actually use it remotely?

  6. Stupidly worries the experts most by burtosis · · Score: 1

    No actual security expert would be that worried if just your user name was stolen. Your face is publically displayed in a fair resolution already, and likely appears in governmental and private databases. Actual experts that say biological scans should be your only authentication on important systems aren't experts. It wouldn't be that big a deal at this point for a higher res scan of your face to leak out if there wasn't anything you could do or access with it, like say a access persons phone with all the email, social media, etc, maybe even banking. Sadly, these types of scans will probably be widely used as your only authentication, often remotely, and probably at some point on critical systems. There is no stopping stupid, this is what real experts worry about.

    1. Re:Stupidly worries the experts most by Bing+Tsher+E · · Score: 1

      And what worries the marketing critters is any end of said stupidity.

      "It says I need to click here to play the cool new game all my friends have" *click*

  7. Re:No thanks .... by AC-x · · Score: 1

    Sorry, but I'm not giving my biometric information to Apple, an app developer, or pretty much anybody else unless it's fucking required by law

    Ever sent a photo of yourself to anyone via any app or online service?

  8. No different than Snapchat by blocked_lol · · Score: 1

    This is no different than letting Snapchat do it or anything else. Developers can't do it without the user's knowledge, and it isn't giving apps a detailed map of your individual face.

  9. Apple wants to sell phones, not your data by Brannon · · Score: 2

    There's basically zero evidence to suggest that Apple is the least bit interested in selling your personal info to anyone. That would be a minuscule revenue stream compared to the billions of dollars they make off of iPhones; and it would put those much more substantial revenue streams at risk. They've made privacy & security part of their brand.

  10. Oh wait, face id? by cloud.pt · · Score: 1

    If "google team" and even China already can do a lot of reconstruction from machine learning, even with heavily pixelated sources such as old pics and bad IPCams, I am guessing it won't be long before the "rough map" these apps get can be used for user tagging, and even authentication. Back with fingerprint scans, all the info was at the very least kept safe on hardware and is NEVER directly accessible to apps in any form, other than a boolean stuff like "valid" or "denied" access for authentication. Getting some map, even if pre-processed to suck balls, is an open gateway for fooling FaceID, and I think Apple will be in serious trouble even if they are intentionally adding digital watermarks that attempt to prevent such hacking. I mean, even denuvo gets cracked easily these days, I highly doubt any form of encryption or anti-tampering is enough for keeping "rough data" completely fail-proof, if this data is to be of any use to apps that want to see movement.

    Well, that of course assumes the rough map isn't a set of "moods" in the order of magnitude of the hundreds or less. But that pretty much renders the feature "nothing new" material.

    1. Re:Oh wait, face id? by RhettLivingston · · Score: 1

      Yep. They likely don't have to start from pixelated photos. Most people have high-quality photos out there somewhere. If not, a determined attacker can take his own as you walk down the street.

      Also, you don't need the mind pool of Google or Apple to do this. Check out this publicly available demo of 3D Facial Recognition from a Single Image. You can submit your own photo or someone else's and view a 3D model created from it. The model certainly isn't perfect, but it isn't too bad either.

      Anyone who uses Face ID on a device with data that they are concerned about protecting is making a mistake. The same is true of fingerprint scanners or virtually any other biometric identification.

    2. Re:Oh wait, face id? by cloud.pt · · Score: 1

      Oh what a beautiful elitist world it must be on those usenet BBS forums you dwell, where nobody takes any shit but the 100% irrefutable shit and has an absolutely 0 tolerance-policy for arguments because OMNISCIENCE.

      Slashdot is past mainstream phase but that doesn't mean it's back to just-for-nerds phase. The status quo is nice because the low trolling that exists, like yours and the odd spambot's is both easily identifiable and no longer really tolerated through the empathy of a once quasi-homgenous community.

      Welcome to 2017. I hope the basement is starting to feel awkward enough for you to come out, get a life, and realize there are other opinions other than yours.

  11. Time to up your meds by Brannon · · Score: 4, Informative

    1. your thumb-print never leaves the secure enclave of an iPhone, it's not stored electronically anywhere, there's no path for it to be extracted electronically at all. It would be *way* easier to get your thumb print off of a glass then it would to try to electronically hack it out of an iPhone

    2. FaceID doesn't use 'image processing' because it doesn't use images, it uses infra-red depth sensing. If you just use it for authentication then it's basically the same deal as the thumbprint; secure enclave and whatnot--it doesn't leave your phone.

    3. Apple does not sell your info, ever. Not because they are a naturally good or noble company, but because they would make less money if they did so. Their business model is based on selling physical pieces of hardware, not selling their customer data. They are basically the opposite of Google.

    1. Re:Time to up your meds by thomn8r · · Score: 1

      Apple does not sell your info, ever

      It's much more profitable to rent the data

    2. Re:Time to up your meds by antdude · · Score: 1

      How do we know they are not sharing with NSA? :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  12. National Information Exchange Model by RhettLivingston · · Score: 1

    For a very interesting look at all of the types of data being collected today, take a peek at the National Information Exchange Model. or the NIEM on github. The easiest way to look at the data is to download the models and open the niem-????.xlsx spreadsheet (name changes with version). The last time I checked, the rules for adding a schema to this model included a strong requirement that it be in use by two agencies before being eligible because its purpose is "exchange". So, it can be assumed that everything here is in use today.

    Spend some time looking and you should find models for storing biometric data ranging from the expected fingerprints, DNA, facial images, scar locations, etc. to other things you may have never thought of such as your gait, lip prints, your lip movement during speech, and your body odor composition. The jxdm models are as or more interesting as the biometrics models and include a lot of biometric model augmentations.

    Note that for some of these items such as gait and body odor, you'll need to look back at the 2.1 version of the standard. I don't know when, but at some point I'm guessing they realized this data revealed too much of what they were doing and they pulled some models. The j:PersonAugmentationType entry on the jxdm page was particularly interesting in 2.1.

    Facial data flew the coop long ago. There is software available today that can create a 3D facial reconstruction from a single image using a neural network. It's not super accurate, but other software can do it much better with many images. Most people have many images in public whether they know it or not. If you go downtown, how many cameras capture your image? Some cities are now estimated to have an average of three angles on you at any moment.

    We shouldn't be concerned about the use of this data by software to deliver us fun, and, down the road a bit, serious features. Unless you want to wear a mask everywhere you go, you can't stop it. Your face, and anything else that can be observed while you're walking down the street, is public data.

    We should be concerned about any use of biometric data of any type for authentication on any system that we consider critical or valuable.

  13. Re:This is incorrect by cloud.pt · · Score: 1

    Because whoever requests that depth map also has standard camera access and do loads more by cross-referencing photo+map, but I won't go into details before an elitist like Dog-Cow comes running saying I don't know enough of this to discuss it... :D

    But I believe the original article states actual data from FaceID will be available to apps, so what you state is not entirely accurate - they do get info from the dot projection system. They should get less fidelity, but that is exactly the argument here - they will extrapolate from the rough map from the dot projection data, and that's step 1 to reverse engineer original data. Of course only time will tell what can be done.

  14. Re:This is incorrect by SuperKendall · · Score: 1

    Because whoever requests that depth map also has standard camera access and do loads more by cross-referencing photo+map

    Yes, and??? They don't have to do any work to cross-reference, it's all bundled together as it is. But it doesn't matter because as I said it's nothing like the point structure capture taken by FaceID, it's not as detailed AND from an image you do not have all the angles of the face the way FaceID does.

    But I believe the original article states actual data from FaceID will be available to apps,

    Yes, it does STATE that; however I am an iOS developer and I am telling you that is UTTERY FALSE. There is no API access to that data, period, end of story. You only get access to the camera and depth map features on an image if the camera being used supports that.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  15. Prove to me that you're not the NSA. by Brannon · · Score: 1

    Go ahead. Keep in mind that any evidence you provide I will dismiss as being "fake".

    Do you see now why we don't ask people to prove a negative?

    1. Re:Prove to me that you're not the NSA. by antdude · · Score: 1

      Prove it. :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).