Apple this year ditched Touch ID in favor of Face ID. The concept behind this technology is to make logins safer and more intuitive. However, it comes with obvious privacy and security concerns. Experts have warned that for getting some convenience users are being pushed to give away parts of their personal details that otherwise remain private. From personal information for signing up, phone numbers for 2FA, financial data for play store purchases to biometrics and now facial maps - nothing is private anymore.
Jay Stanley, a senior policy analyst at the American Civil Liberties Union (ACLU), however, suggests that most of the privacy concerns around Apple's Face ID are overblown.
"The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown."
The real issue with Face ID, Stanley says, is not Apple but developers
When Apple introduced Face ID at its keynote event in September, the company faced a number of questions from privacy and security experts. Responding to these concerns, Apple made sure to stress on how 3D face recognition model is stored on the device and much like Touch ID, the data never leaves your phone. Now, the ACLU has said that the company is actually giving app developers access to some of this data for trendy new features like "letting a video game character mirror the player’s real-world facial expressions."
“The real privacy issues have to do with the access by third-party developers.”
Having seen terms in a contract, Reuters reports that "Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties." However, Apple cannot verify or enforce this condition all time.
"App makers who want to use the new camera on the iPhone X can capture a rough map of a user’s face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer’s own servers, can help monitor how often users blink, smile or even raise an eyebrow."
While app developers cannot unlock a phone with this data, this access to "some" of the data raises concerns about how it could be used without user's permission since the data is leaving user's phone. In its report, Reuters said that while government snooping isn't a concern either - since they already have a lot of facial photographs - the problem is advertisers using this data to further "tailor" their reach by tracking users' facial expressions.
Apple hasn't built Face ID for advertisers but it will have a hard time avoiding privacy abuses by app developers
"Whether you’re taking a photo, asking Siri a question, or getting directions, you can do it knowing that Apple doesn’t gather your personal information to sell to advertisers or other organizations," Apple continues to promise. The iPhone maker has always maintained that new features don't have to come "at the expense of your privacy and security."
“It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”
However, even "household names" have often been found exploiting features - sometimes with Apple's permission. A security researcher recently revealed how Apple had given Uber access to APIs that enabled the ride hailing company to potentially record a user's screen.
Looking at the past few years, every new technology has been introduced amid these concerns but somehow we end up getting used to them after a while. In Apple's favor, the company has provided convenience with a facial recognition system that actually works and that recognition system doesn't extend to developers (recognition relies on a mathematical representation not visuals). Add in the fact that app developers can already use your phone camera to record you all the time if you have given that app camera permissions, this probably wouldn't be considered such a big deal by users.