There's just one day to go before iPhone's highly-anticipated iPhone X goes on sale, but experts are warning of serious privacy issues with the new device. 

Privacy experts have revealed that thousands of app developers will be able to gain access to facial data from the iPhone's Face ID feature in order to build entertainment features for customers.

The news raises serious questions about the privacy of Apple's facial recognition feature, and whether it could be exploited by advertisers. 

Scroll down for video 

Privacy experts have revealed that thousands of app developers will be able to gain access to facial data from the iPhone's Face ID feature in order to build entertainment features for customers

Privacy experts have revealed that thousands of app developers will be able to gain access to facial data from the iPhone's Face ID feature in order to build entertainment features for customers

Privacy experts have revealed that thousands of app developers will be able to gain access to facial data from the iPhone's Face ID feature in order to build entertainment features for customers

KEY CONCERNS 

The data available to developers cannot unlock a phone; that process relies on a mathematical representation of the face rather than a visual map of it, according to documentation about the face unlock system that Apple released to security researchers. 

Privacy experts say their concerns about iPhone X are not about government snooping, since huge troves of facial photographs already exist on social media and even in state motor vehicle departments.

The issue is more about unscrupulous marketers eager to track users' facial expressions in response to advertisements or content, despite Apple's contractual rules against doing so. 

App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. 

This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.

That remote storage raises questions about how effectively Apple can enforce its privacy rules, according to privacy groups such as the American Civil Liberties Union and the Center for Democracy and Technology. 

Apple maintains that its enforcement tools – which include pre-publication reviews, audits of apps and the threat of kicking developers off its lucrative App Store – are effective.

The data available to developers cannot unlock a phone; that process relies on a mathematical representation of the face rather than a visual map of it, according to documentation about the face unlock system that Apple released to security researchers.

HOW FACE ID WORKS

Face ID uses a TrueDepth front-facing camera on the iPhone X, which has multiple components. 

A Dot Projector projects more than 30,000 invisible dots onto your face to map its structure.

The dot map is then read by an infrared camera and the structure of your face is relayed to the A11 Bionic chip in the iPhone X, where it is turned into a mathematical model. 

The A11 chip then compares your facial structure to the facial scan stored in the iPhone X during the setup process. 

Face ID uses infrared to scan your face, so it works in low lighting conditions and in the dark. 

It will only unlock your device when you look in the direction of the iPhone X with your eyes open.

Face ID captures both a 3-D and 2-D image of your face using infrared light while you're looking straight at the camera.  

Five unsuccessful attempts at Face ID will force you to enter a passcode – which you'll need anyway just to set up facial recognition.  

But the relative ease with which developers can whisk away face data to remote servers leaves Apple sending conflicting messages: Face data is highly private when used for authentication, but it is shareable – with the user's permission – when used to build app features.

'The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown,' said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. 

'The real privacy issues have to do with the access by third-party developers.'

Privacy experts say their concerns about iPhone X are not about government snooping, since huge troves of facial photographs already exist on social media and even in state motor vehicle departments. 

The issue is more about marketers eager to track users' facial expressions in response to advertisements or content, despite Apple's contractual rules against doing so.

App makers must 'obtain clear and conspicuous consent' from users before collecting or storing face data, and can only do so for a legitimate feature of an app, according to the relevant portions of Apple's developer agreement.

Apple's iOS operating system also asks users to grant permission for an app to access to any of the phone's cameras.

Face ID uses a TrueDepth front-facing camera on the iPhone X, which has multiple components (pictured)

Face ID uses a TrueDepth front-facing camera on the iPhone X, which has multiple components (pictured)

Face ID uses a TrueDepth front-facing camera on the iPhone X, which has multiple components (pictured)

Apple forbids developers from using the face data for advertising or marketing, and from selling it to data brokers or analytics firms that might use it for those purposes. 

The company also bans the creation of user profiles that could be used to identify anonymous users, according to its developer agreement.

'The bottom line is, Apple is trying to make this a user experience addition to the iPhone X, and not an advertising addition,' said Clare Garvie, an associate with the Center on Privacy and Technology at Georgetown University Law Center in Washington.

The issue is about unscrupulous marketers eager to track users' facial expressions in response to advertisements or content, despite Apple's contractual rules against doing so

The issue is about unscrupulous marketers eager to track users' facial expressions in response to advertisements or content, despite Apple's contractual rules against doing so

The issue is about unscrupulous marketers eager to track users' facial expressions in response to advertisements or content, despite Apple's contractual rules against doing so

WHEN FACE ID FAILS 

According to Apple, users must enter your passcode for additional security validation when:

  •  The device has just been turned on or restarted. 
  • The device hasn’t been unlocked for more than 48 hours. 
  • The passcode hasn’t been used to unlock the device in the last six and a half days and Face ID hasn't unlocked the device in the last 4 hours. 
  • The device has received a remote lock command. 
  • After five unsuccessful attempts to match a face. 
  • After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.

Though they praised Apple's policies on face data, privacy experts worry about the potential inability to control what app developers do with face data once it leaves the iPhone X, and whether the tech company's disclosure policies adequately alert customers.

The company has had high-profile mishaps enforcing its own rules in the past, such as the 2012 controversy around Path, a social networking app that was found to be saving users' contact lists to its servers, a violation of Apple's rules.

One app developer said that Apple's non-negotiable developer agreement is long and complex and rarely read in detail, just as most consumers do not know the details of what they agree to when they allow access to personal data.

Apple's main enforcement mechanism is the threat to kick apps out of the App Store, though the company in 2011 told the US Congress that it had never punished an app in that way for sharing user information with third parties without permission.

Apple's other line of defense against privacy abuse is the review that all apps undergo before they hit the App Store. 

There's just one day to go before iPhone's highly-anticipated iPhone X goes on sale, but experts are warning of serious privacy issues with the new device

There's just one day to go before iPhone's highly-anticipated iPhone X goes on sale, but experts are warning of serious privacy issues with the new device

There's just one day to go before iPhone's highly-anticipated iPhone X goes on sale, but experts are warning of serious privacy issues with the new device

But the company does not review the source code of all apps, instead relying on random spot checks or complaints, according to 2011 Congressional testimony from Bud Tribble, one of the company's 'privacy czars.'

With the iPhone X, the primary danger is that advertisers will find it irresistible to gauge how consumers react to products or to build tracking profiles of them, even though Apple explicitly bans such activity.

'Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first – and sometimes that's the hard part,' the ACLU's Stanley said. 

'It means household names probably won't exploit this, but there's still a lot of room for bottom feeders.'

LEAVE A REPLY

Please enter your comment!
Please enter your name here