Sharing iPhone X Face Mapping Data With Third-Party App Developers

According to a new report, Apple plans to share facial mapping data captured by the iPhone X’s series of front-facing camera and sensors. Otherwise, app makers who want to use the new iPhone X’s camera can capture a rough map of a user’s face and a stream of more than 50 kinds of facial expressions.

Though the shiny new hardware includes a front-facing sensor module housed in the now infamous ‘notch’ which actually takes an unsightly but necessary bit out of the top of an edge-to-edge display, thereby enables the flagship smartphone to sense and map depth – including facial features.

How To Setup Face ID on iPhone X - Video

In fact, Apple’s privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player’s real-world facial expressions.

Developers do need explicit user permission according to Apple guidelines. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract.

The revolution, contained in a developer agreement detailing the use of Apple’s new facial recognition software, which would apparently appear to undermine statements Apple made during the iPhone X unveil back in September. At that time, the company’s executives made an effort to placate privacy concerns with talk of strick on-device storage and end-to-end encryption.

While the developer agreement also reads, third-party app makers only will have access to the visual facial mapping data, and not the same mathematical representation of it that is used to unlock the iPhone X using Face ID. Yet developers still have access to a map of a user’s face as part of the TrueDepth camera, along with data on as many as fifty facial expressions that could tell a developer how exactly you raise your eyebrows or move your mouth, to name a few telling instances. It’s a bit similar to how Snapchat’s iPhone X-specific filters work, demoed onstage during the phone’s reveal.

Of course, there is more restriction here and there. Apple says the data can never be used for marketing or advertising purposes, and it cannot be bundled and sold to analytics companies or data brokers. In this case, Apple also bans developers from creating profiles of otherwise anonymous users by using unidentifying facial capture info. It would result in App Store bans if violated, as safeguards against the misuse of Face ID data.

The key point here is that Face ID data never leaves the user’s phone or indeed the Secure Enclave. And any iOS app developers wanting to incorporate Face ID authentication into their apps do not gain access to it either. The authentication happens only via a dedicated authentication API that only returns a positive or negative response after comparing the input signal with the Face ID data stored in the Secure Enclave.

“The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown,” said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. “The real privacy issues have to do with the access by third-party developers.”

The bottom line is, Apple trying to make this a user experience added to the iPhone X, and not an advertising addition. Though they praised Apple’s policies of face data, privacy experts worry about the potential inability to control what app developers do with face data once it leaves the iPhone X.

With iPhone X, the primary danger is that advertisers will find it irresistible to gauge how consumers react to products or to build tracking profiles of them, even though Apple explicitly bans such activity.

(Source: Reuters)

Up next: