It has been less than a day iPhone X sales kicked off globally (starts at 6PM today in India), and there is already a privacy risk being speculated. Of course, associated with Face ID. Also Read - PUBG New State receives over 17 million pre-registrations as closed alpha testing endsAlso Read - iPhone selling in LG stores? Apple is apparently in talks for a new deal
A recent report by Reuters managed to review the terms of a third-party app developer agreement with Apple, the data gleaned by the TrueDepth camera need not remain on a customer’s phone . Instead, it can be transmitted to non-Apple servers a revelation that has some privacy and security experts concerned. Also Read - Apple CEO Tim Cook claims iOS is more secure than Android
On the contrary, Apple has promised that all data gathered by Face ID will remain on the phone, and that “[when] using Face ID, the [third-party] app is notified only as to whether the authentication was successful; it can t access Face ID or the data associated with the enrolled face.”
However, Reuters points out that this promise by Apple does not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers. Apparently, Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by the publication. ALSO READ: Apple iPhone X Face ID is slower than Touch ID, but it s not all bad: Reports
App makers who want to use the new camera on the iPhone X can capture a rough map of a user s face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer s own servers, can help monitor how often users blink, smile or even raise an eyebrow.
Although, Apple maintains that its enforcement tools which include pre-publication reviews, audits of apps and the threat of kicking developers off its lucrative App Store are effective. As per the documentation about the face unlock system that Apple released to security researchers, the data available to developers cannot unlock a phone; that process relies on a mathematical representation of the face rather than a visual map of it. ALSO READ: Apple iPhone X: How to set up and use Face ID
BGR India has reached out to Apple to understand better about the issue. We still await the response and will update this space soon.
It is important to understand that the real concern here is that, despite Apple being in a contract with the app developers to not selling the face data they receive from any users, but practically, if someone does sell it ahead, one, it may not be the easiest to track, and two, once it s out there, it s there. Mashable quotes Dan Tentler, a security researcher with The Phobos Group, who said that once the data leaves Apple’s grip it no longer matters what the rules are. If the technological capability is there for abuse, he notes, bad actors will find a way to abuse it. RELATED: Apples can be sour, but a need is a need
“It wont matter [sic]. Advertisers are going to [go after the data] anyway, and it’s plausible there will be a black market or underground market for quietly lifting that data off of phones despite [Apple’s] rules,” Tentler explains. “The trouble here is that their defensive mechanism appears to be just a bunch of rules, and it’s staggeringly obvious that making something against the rules only stops people who elect to follow the rules.” ALSO READ: Apple CEO Tim Cook believes Rs 89,000 for iPhone X is a value price, but reality begs to differ