Apple might have been praised for ensuring that Face ID data stays securely on the iPhone X, but privacy experts are concerned that the same thing isn’t true for the apps which use iPhone face data,
According to a new report, apps which use facial data for their services — such as offering fun masks for selfies or having animjoi-style video game characters who mirror the expression of gamers — are not subject to the same privacy terms and conditions. In fact, so long as they ask customer permission and don’t sell the data, they are free to take it off the phones and store it on their own networks.
‘Whisking away’ your face data
Reuters claims that, as per a contract that they saw, “app makers who want to use the new camera on the iPhone X can capture a rough map of a user’s face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer’s own servers, can help monitor how often users blink, smile or even raise an eyebrow.”
While this face data won’t allow hackers to break into Face ID by capturing data, it does potentially send confusing mixed messages about the security of iPhone face data. Specifically, groups like the American Civil Liberties Union take issue with the apparent ease with which developers can “whisk away face data to remote servers” not under Apple’s control.
It’s a complicated issue (and, after all, does still require users to agree to terms and conditions stating that their face data can be used), but it also could prove to be a thorn in Apple’s side as it continues to promote the privacy of user data.