App Developer Access To iPhone X Face Data Spooks Some Privacy Experts

A reader shares a report: Apple won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself. But Apple's privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player's real-world facial expressions. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters. App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.

They can also use your phone, mic, and GPS!

[Anubis+IV]

...of course, you have to give them permission to do so, just the same as with this data, apparently.

As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you. I'm glad my weather app can grab my current location to give me useful information as I changed locations throughout the day. I'm glad Shazam or whatnot can use the mic to tell me what song is playing. I'm glad my camera apps can access the camera. And it's not outlandish to believe that I may eventually be glad that some form of facial data is getting synced via third-party servers between my devices.

But that'll be my call to make if and when I ever have a phone with these sorts of features, because without my permission, they can't do jack squat, so this whole topic is rather moot.

Re:They can also use your phone, mic, and GPS!

[Aaden42]

Apps aren't using the data for authentication. The phone still handles auth the same as TouchID. Apps are using face data to make the dog ears and tongue smile and frown along with your face in your selfie app. And possibly other purposes....

Time to up your meds

[Brannon]

1. your thumb-print never leaves the secure enclave of an iPhone, it's not stored electronically anywhere, there's no path for it to be extracted electronically at all. It would be *way* easier to get your thumb print off of a glass then it would to try to electronically hack it out of an iPhone

2. FaceID doesn't use 'image processing' because it doesn't use images, it uses infra-red depth sensing. If you just use it for authentication then it's basically the same deal as the thumbprint; secure enclave and whatnot--it doesn't leave your phone.

3. Apple does not sell your info, ever. Not because they are a naturally good or noble company, but because they would make less money if they did so. Their business model is based on selling physical pieces of hardware, not selling their customer data. They are basically the opposite of Google.