Apple Will Share Face ID Data from the iPhone X with Third-Party App Developers
Apple plans to share facial mapping data captured by the iPhone X’s series of front-facing cameras and sensors, according to a report by Reuters. The revelation, contained in a developer agreement detailing the use of Apple’s new Face ID facial recognition software, would appear to undermine statements Apple made during the iPhone X reveal back in September. The company’s executives at the time made an effort to placate privacy concerns with talk of strict on-device storage and end-to-end encryption, but did not mention third-party developer access.
However, there’s quite a bit of unpacking to do here regarding what developers actually have access to and under what terms. According to the developer agreement, third-party app makers only have access to the visual facial mapping data, and not the same mathematical representation of it that is used to unlock the iPhone X. Apple claims the latter is encrypted on the device itself, so not even its own employees have access to it. Yet developers do still have access to a “rough” map of a user’s face, as Reuters puts it, along with as many as 50 facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances.
There are of course restrictions here. Apple says the data can never be used for advertising or marketing, and it cannot be bundled and sold to analytics companies or data brokers. Apple also bans developers from creating profiles of otherwise anonymous users by using identifying information from Face ID captures. Apple cites its rigorous app review process, and its hardline stance on privacy issues that would result in App Store bans if violated, as safeguards against the misuse of Face ID data. Apple did not respond to a request for comment to confirm these aspects of Face ID or what the user permission process looks like. It’s unclear if permission can be granted on an app-by-app basis, similar to location services.
Despite the apparent protections, organizations like the American Civil Liberties Union are concerned that an era of widespread facial recognition technology, no matter the intentions or safeguards of its creator, could yield unexpected results. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first - and sometimes that’s the hard part,” Jay Stanley, an ACLU senior policy analyst, told Reuters. “It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”