Apple Sharing iPhone X FaceID Data With Developers: Should You Be Concerned?

Apple’s FaceID ever since it was announced at the iPhone X launch in September has been plagued with privacy concerns. While the company reassured customers of the security of the mechanism, its new endeavor to share face mapping data from the device, might cause privacy issues.

The tech giant will be sharing data obtained from the company’s FaceID face scanner, which maps the user’s face and stores the face scans with third-party developers. According to a TechTimes report published on Thursday, privacy advocates are worried that this data could be used for inappropriate purposes without the users’ permission.

The FaceID mapping system works using three components — a TrueDepth camera, a dot projector and a floodlight illuminator.

Reuters reported Thursday that the company is making the developers seek permission from users and agree not to sell the data to others. This data is used by developers to create a stream of 50 kinds of facial expressions. Using computer software animates the data to show how users would look while blinking, smiling or raising eyebrows.

This data is stored on remote servers by the third-party developers. It is this remote storage that creates privacy issues. Privacy groups such as the American Civil Liberties Union and the Center for Democracy and Technology have raised issues with this remote storage.

"The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown. The real privacy issues have to do with the access by third-party developers," Jay Stanley, a senior policy analyst with the American Civil Liberties Union told Reuters.

Apple’s stand on the issue is that its system of checks including pre-publication reviews, audits and the threat of kicking a developer off its app store is adequate to deter malicious usage of such data. Also, any developer who is handed over FaceID data won’t be able to unlock the associated iPhone X using that data — the FaceID works on a precise mathematical algorithm rather than a visual map, according to data released to security researchers.

However, app developers have said in the past that Apple’s non-negotiable developer agreement is long, complex and rarely read in detail — which causes issues such as the 2012 Path app controversy. The app was found to be saving users’ contact list to its database, in violation of its contract. Also, the company told the U.S. Congress in 2011 that it is yet to punish any developer for sharing user information.

Rather than the data being used for malicious concerns, a larger issue is it being used for marketing purposes.

"The bottom line is, Apple is trying to make this a user experience addition to the iPhone X, and not an advertising addition," Clare Garvie, an associate with the Center on Privacy and Technology at Georgetown University Law Center in Washington, told Reuters.​