Slashdot Mirror

← Back to Stories (view on slashdot.org)

App Developer Access To iPhone X Face Data Spooks Some Privacy Experts (reuters.com)

Posted by msmash on from the security-woes dept.

A reader shares a report: Apple won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself. But Apple's privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player's real-world facial expressions. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters. App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.

8 of 71 comments (clear)

  1. HACKED BY CHINESE by Thud457 · · Score: 2

    Good luck changing your face when the inevitable data breach happens!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  2. They can also use your phone, mic, and GPS! by Anubis+IV · · Score: 5, Insightful

    ...of course, you have to give them permission to do so, just the same as with this data, apparently.

    As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you. I'm glad my weather app can grab my current location to give me useful information as I changed locations throughout the day. I'm glad Shazam or whatnot can use the mic to tell me what song is playing. I'm glad my camera apps can access the camera. And it's not outlandish to believe that I may eventually be glad that some form of facial data is getting synced via third-party servers between my devices.

    But that'll be my call to make if and when I ever have a phone with these sorts of features, because without my permission, they can't do jack squat, so this whole topic is rather moot.

    1. Re:They can also use your phone, mic, and GPS! by Aaden42 · · Score: 4, Insightful

      Apps aren't using the data for authentication. The phone still handles auth the same as TouchID. Apps are using face data to make the dog ears and tongue smile and frown along with your face in your selfie app. And possibly other purposes....

    2. Re:They can also use your phone, mic, and GPS! by Gravis+Zero · · Score: 2

      ...of course, you have to give them permission to do so, just the same as with this data, apparently.

      As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you.

      Unfortunately, we live in an age where a great deal of people will accept the abuse from Facebook because they believe "[t]he only other option is the self abuse of having no social life."

      I feel like we are only just beginning to experience the consequence of having a society filled with "app addicts".

      --
      Anons need not reply. Questions end with a question mark.
  3. Joke of the Day by thomn8r · · Score: 2

    Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties

    My sides! Ow! Please, stop, you're killing me!

  4. Duh by 110010001000 · · Score: 3, Insightful

    This is duh. Did you think Apple added this "feature" for security? They added it to get biometric data. No one wants to unlock a phone with a face. Just just a PIN. Most people don't even want to bother with PINs or security at all.

  5. Apple wants to sell phones, not your data by Brannon · · Score: 2

    There's basically zero evidence to suggest that Apple is the least bit interested in selling your personal info to anyone. That would be a minuscule revenue stream compared to the billions of dollars they make off of iPhones; and it would put those much more substantial revenue streams at risk. They've made privacy & security part of their brand.

  6. Time to up your meds by Brannon · · Score: 4, Informative

    1. your thumb-print never leaves the secure enclave of an iPhone, it's not stored electronically anywhere, there's no path for it to be extracted electronically at all. It would be *way* easier to get your thumb print off of a glass then it would to try to electronically hack it out of an iPhone

    2. FaceID doesn't use 'image processing' because it doesn't use images, it uses infra-red depth sensing. If you just use it for authentication then it's basically the same deal as the thumbprint; secure enclave and whatnot--it doesn't leave your phone.

    3. Apple does not sell your info, ever. Not because they are a naturally good or noble company, but because they would make less money if they did so. Their business model is based on selling physical pieces of hardware, not selling their customer data. They are basically the opposite of Google.