When Apple announced its new FaceID feature on the iPhone X, it made sure to quell people’s privacy fears by insisting that all image processing would happen locally. Therefore, their faces wouldn’t be available to hackers that managed to break into their iCloud. Unfortunately, it seems there’s another way that strangers can get their hands on your facial data anyway.
According to Reuters, the thousands of third party app developers for iOS will gain access to certain bits of facial data in order to build features for the iPhone X, like the newly introduced Animoji.
Reuters
Apple will allow these developers to take certain face data off the phone on the condition in the contract that they agree to seek the user’s permission first, and promise to not sell it to another party. When developers gain this permission, they can store a map of the user’s face, as well as over 50 kinds of facial expressions, and store it on their own remote servers for use. And that is the exact problem Internet privacy advocates have with this.
Allowing developers to store this kind of sensitive data calls into question just how well Apple is safeguarding its customers’ privacy and safety. Meanwhile, Apple says that its security measures – including reviewing apps before they are published on the store, auditing existing apps, and kicking offending developers off the App store – are effective.
The data developers get access to can’t unlock the iPhone X by itself, but it’s still unclear just what a dedicated troublemaker could do with it.
REUTERS
“The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown,” Jay Stanley, a senior policy analyst with the American Civil Liberties Union, told Reuters. “The real privacy issues have to do with the access by third-party developers.”
Basically, experts are worried that Apple can’t really control what developers do with that face data once it leaves a person’s phone. They could just turn around and sell it to marketers, and no one would be the wiser. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first – and sometimes that’s the hard part,” Stanley added. “It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”