A series of privacy advocates are taking issue with Apple allowing developers to use the TrueDepth camera central to the Face ID system under limited circumstances — and with serious restrictions applied by Apple to what coders can use the data for.
A report on Thursday morning by Reuters notes that Apple's terms for developers allows app creators to utilize "certain facial data" such as attaching an augmented reality mask to a user's face. Additionally, some data can be collected by the developers — assuming they get "clear and conspicuous consent" from the user.
Apple is disallowing access in any way to stored identification data. Under debate is any developer use of the TrueDepth system associated with Face ID.
"The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown," said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. "The real privacy issues have to do with the access by third-party developers."
Apple's terms specifically prohibit developers from using the face data for advertising or marketing, or generating user profiles to identify anonymous users. Also disallowed is selling the data to others who may use the information.
Clare Garvie, an associate with the Center on Privacy & Technology at Georgetown University Law Center said that Apple's terms for developers are clear that the technology is a "user experience addition" and not one for advertising.
An Apple corporate employee not authorized to speak on behalf of the company told AppleInsider that what developers are allowed to use is "profoundly, seriously limited" and isn't precise enough to be utilized to build a third-party facial recognition database, even if users allow their data to be collated.
The issue isn't developers that adhere to Apple's policies. Advocates are concerned about rogue developers who may use the Face ID system unscrupulously and surreptitiously.
Apple already requires discrete permission to be granted per app to use a camera in the first place. At this time, it is unclear if there is a required dialog box for users to agree to to allow developers to collect Face ID data.
"Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first - and sometimes that's the hard part," Stanley said. "It means household names probably won't exploit this, but there's still a lot of room for bottom feeders."
The Face ID system, and the True Depth camera are debuting with the iPhone X — which will be in customer's hands on Friday. The technology is expected to migrate to Apple's entire fall 2018 line of iPhones.
18 Comments
Apple have already said it's a low poly mesh. That's the sort of thing that's good for a Snapchat filter, but that is worlds away from ID. Rather, it's the existing camera that's in every smartphone which would be far superior at building out an identification database.
Also take a moment to appreciate what Facebook and Google Photos are already doing with access to your images.
Don't know if it's possible, but I guess I'd be concerned if an advertiser were able to somehow tie my face with some product I was looking at, then implemented some magical technology that could ID me while walking down the street or entering a store and flash an ad on a sign related to the product I was looking at earlier.
Personally I'm a little bit surprised Apple is allowing facial expression data to be used by 3rd parties this soon. TBH I don't know how they would actually police the use of it for activities that Apple wouldn't approve of. I would imagine unscrupulous devs would do dirty work on the server side which Apple wouldn't have easy/any access to. In any event it's not necessarily a big privacy issue, they're not sharing your photo.