Apple iPhone X, the redesigned iPhone commemorating the tenth anniversary of one of the most successful consumer device, goes on sale globally starting today. The anniversary iPhone not only brings new design but also adds new sensors to enable facial recognition technology. The Face ID uses new TrueDepth camera system that uses an IR sensor and dot projector to create a 3D depth map of the user and unlock the device using facial recognition.
At the launch, Apple said that Face ID is highly secure and odds of it being breached is 1 in 1 million attempts. The company also added that the data will be securely stored on the device within the Secure Enclave. However, Reuters reports that the Cupertino-based company plans to share this facial mapping data with app developers. The report adds that the availability of facial mapping data will help developers to build new entertainment features or replace a game player's expression with the real-world expressions of iPhone X user.
Furthermore, Apple plans to allow developers to take certain facial data off the phone after seeking customer permission and agreeing to terms that they won't sell the data to third parties. Reuters cites the details are based on a contract it has seen. The agreement adds that developers will only have access to the facial mapping data and not the mathematical model used to unlock the device with Face ID.
The agreement further clarifies that app developers can remove the visual facial mapping data from the phone and store it on their own servers to monitor how often users blink, smile or raise an eyebrow. While Apple is not limiting the security aspect of Face ID, the data sharing raises questions as to whether Apple will be able to successfully limit the privacy aspect here.
A Google engineer recently demonstrated how any app with access to camera and photo gallery on iOS can record and transmit photos or videos from the device. The demonstration raised questions on whether app developers can spy on iOS users. In the case of facial mapping data, Apple's developer agreement says "App makers must “obtain clear and conspicuous consent” from users before collecting or storing face data, and can only do so for a legitimate feature of an app."
Apple has a strict policy in place for screening apps for malicious codes and it forbids developers from using the data for advertising or marketing purpose. However, the risk of facial data landing in the hands of advertisers cannot be eliminated altogether.