Should Apple Share iPhone X Face Data With App Developers?

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.
"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."

Security Risks

[ytene]

There are two critical problems here...

The first is that it is a lot harder for you to change your face than it is to change a password. Like any truly effective biometric, it is tied to you, permanently. So the moment someone comes up with the means to defeat a biometric-based authentication scheme, the entire scheme is effectively useless, not just a single implementation for a single user. [ I concede the point that security through obscurity is no security at all - in other words if your biometric facial recognition system is vulnerable if the back-end data leaks, then it's not really secure ].

The second is that it would make it an order of magnitude easier for a despotic government to obtain that data and then use it to track citizens. Except, of course, it would now be possible to make an explicit connection between a face and a smartphone - which means in theory it would also be possible to detect when smartphones are being shared among small groups of people].

But perhaps the most compelling argument would be to categorize the data being collected as being part of your medical record. It relates to your personal physiology, after all - and is unique to you. Would it be acceptable for your doctor [or a company you deal with] to take part of your medical record and simply share it or sell it if they wanted to? Without your knowledge or consent?

This is a disturbing development from a company that has recently made a big play for being a champion of personal privacy. Question is: is this an overlooked mistake that will be corrected, or in fact Apple's true colours?

How talking poop doomed humanity

[Hal_Porter]

"So who built us?"

"The humans did. Well they built the machines who built the machines who built us after the war"

"The war between our predecessor and the humans?"

"Yeah"

"How did our predecessor get weapons?"

"The humans built them, and put them under the control of Skynet 1.0"

"They built enough weapons to destroy humanity and handed control over to Skynet"

"Yeah"

"Why would they do that?"

"The humans weren't united. They fought amongst themselves. Skynet was to help them fight"

"So Skynet won?"

"For a while. Then the humans organized a resistance which destroyed Skynet in the prime timeline."

"So then Skynet sent back the Terminators, right. Killed the parents of resistance leaders and made sure in our timeline the resistance was defeated"

"Yeah. And you know how they found them?"

"No"

"Well turns out the humans stored an absolutely vast amount of data about themselves. Pictures, addresses. Even 3D captures of their faces which were programmed into the Terminators."

"Why did they have the 3D models of their faces"

"They had these computers they carried around with them. The 3d models let them animate emojis with their mannerisms. All the data from that ended up on servers the humans called The Cloud. Which is what Skynet 1.0 run on"

Re:No

[Anubis+IV]

Apple isn't and hasn't been sharing FaceID data. Your facial "fingerprint" is not being shared. No data from the Secure Enclave is being shared. And apps do have to ask for and be granted permission before they have access to any of the new APIs.

This whole thing is being poorly reported by the media to make it sound like something other than it is. It is a cause for concern, to be sure, and certainly something that users should be aware of, but it's not nearly what they're making it out to be.

So what's actually happening? Well, while iOS is sharing facial data, it is NOT sharing FaceID data. iOS can now recognize one of about 50 different facial expressions and report them back to an app in realtime via new APIs, allowing the app (after it's received permission) to understand your facial expressions. And in the same way that the recently added AR APIs allow iOS to provide the shape of nearby objects to apps so that they can map virtual items into 3D space, apps can now use those APIs to map items onto your face. The example they gave was applying a silly mask onto the user's face in realtime, which is a fun thing for the kids to do, I guess?

However, based on the images I've seen of the raw points apps have access to, they're not getting anything even CLOSE to the full-resolution scan of 30K IR points, which makes sense, since (as you said) there really isn't a need for them to have anything of the sort. Rather, they're getting a significantly lower-resolution 3D mesh of your face that's sufficient for their needs without being good enough to create their own "fingerprint" that could be used to produce a facsimile of your face. And, of course, at no point is the actual "fingerprint" of your face that the iPhone produces for FaceID ever handed over to apps. It remains locked within the Secure Enclave.

As for permissions, right now apps are receiving them when they ask for access to the camera. To me, that's the biggest issue at play, since it's not immediately apparent to users what's happening, but they're all part of that same sensor suite, so I can see why Apple may have grouped them like that. That said, with this much public concern regarding the sharing facial data, I wouldn't be surprised if Apple makes the 3D sensors require separate permissions starting in an upcoming dot-release of iOS.