App developer access to iPhone X face data spooks some privacy experts

A attendee uses a new iPhone X during a presentation for the media in Beijing, China October 31, 2017. REUTERS/Thomas Peter
attendee uses a new iPhone X during a presentation for the media
in Beijing


By Stephen Nellis

SAN FRANCISCO (Reuters) – Apple Inc won accolades from privacy
experts in September for assuring that facial data used to unlock
its new iPhone X would be securely stored on the phone itself.

But Apple’s privacy promises do not extend to the thousands of
app developers who will gain access to facial data in order to
build entertainment features for iPhone X customers, such as
pinning a three-dimensional mask to their face for a selfie or
letting a video game character mirror the player’s real-world
facial expressions.

Apple allows developers to take certain facial data off the phone
as long as they agree to seek customer permission and not sell
the data to third parties, among other terms in a contract seen
by Reuters.

App makers who want to use the new camera on the iPhone X can
capture a rough map of a user’s face and a stream of more than 50
kinds of facial expressions. This data, which can be removed from
the phone and stored on a developer’s own servers, can help
monitor how often users blink, smile or even raise an eyebrow.

That remote storage raises questions about how effectively Apple
can enforce its privacy rules, according to privacy groups such
as the American Civil Liberties Union and the Center for
Democracy and Technology. Apple maintains that its enforcement
tools – which include pre-publication reviews, audits of apps and
the threat of kicking developers off its lucrative App Store –
are effective.

The data available to developers cannot unlock a phone; that
process relies on a mathematical representation of the face
rather than a visual map of it, according to documentation about
the face unlock system that Apple released to security

READ ---  Ancient Jurassic 'Fish Lizard' Fossil Discovered In India For The First Time

But the relative ease with which developers can whisk away face
data to remote servers leaves Apple sending conflicting messages:
Face data is highly private when used for authentication, but it
is sharable – with the user’s permission – when used to build app

“The privacy issues around of the use of very sophisticated
facial recognition technology for unlocking the phone have been
overblown,” said Jay Stanley, a senior policy analyst with the
American Civil Liberties Union. “The real privacy issues have to
do with the access by third-party developers.”

The use of face recognition is becoming ubiquitous on everything
from social networks to city streets with surveillance cameras.
Berlin law enforcement officials in August installed a facial
recognition system at the city’s main railway station to test new
technology for catching criminals and terrorists.

But privacy concerns loom large. In Illinois, Facebook Inc faces
a lawsuit over whether its photo tagging suggestions violated a
state law that bars the collection of biometric data without
permission. Facebook says it has always been clear with users
that it can be turned off and the data for it deleted.

Privacy experts say their concerns about iPhone X are not about
government snooping, since huge troves of facial photographs
already exist on social media and even in state motor vehicle
departments. The issue is more about unscrupulous marketers eager
to track users’ facial expressions in response to advertisements
or content, despite Apple’s contractual rules against doing so.

App makers must “obtain clear and conspicuous consent” from users
before collecting or storing face data, and can only do so for a
legitimate feature of an app, according to the relevant portions
of Apple’s developer agreement that Apple provided to Reuters.

READ ---  Samsung Galaxy Note 8 Rumors Roundup

Apple’s iOS operating system also asks users to grant permission
for an app to access to any of the phone’s cameras.

Apple forbids developers from using the face data for advertising
or marketing, and from selling it to data brokers or analytics
firms that might use it for those purposes. The company also bans
the creation of user profiles that could be used to identify
anonymous users, according to its developer agreement.

“The bottom line is, Apple is trying to make this a user
experience addition to the iPhone X, and not an advertising
addition,” said Clare Garvie, an associate with the Center on
Privacy & Technology at Georgetown University Law Center in


Though they praised Apple’s policies on face data, privacy
experts worry about the potential inability to control what app
developers do with face data once it leaves the iPhone X, and
whether the tech company’s disclosure policies adequately alert

The company has had high-profile mishaps enforcing its own rules
in the past, such as the 2012 controversy around Path, a social
networking app that was found to be saving users’ contact lists
to its servers, a violation of Apple’s rules.

One app developer told Reuters that Apple’s non-negotiable
developer agreement is long and complex and rarely read in
detail, just as most consumers do not know the details of what
they agree to when they allow access to personal data.

Apple’s main enforcement mechanism is the threat to kick apps out
of the App Store, though the company in 2011 told the U.S.
Congress that it had never punished an app in that way for
sharing user information with third parties without permission.

READ ---  Yankees confident in upset, but this is no ordinary Indians team

Apple’s other line of defense against privacy abuse is the review
that all apps undergo before they hit the App Store. But the
company does not review the source code of all apps, instead
relying on random spot checks or complaints, according to 2011
Congressional testimony from Bud Tribble, one of the company’s
“privacy czars.”

With the iPhone X, the primary danger is that advertisers will
find it irresistible to gauge how consumers react to products or
to build tracking profiles of them, even though Apple explicitly
bans such activity. “Apple does have a pretty good historical
track record of holding developers accountable who violate their
agreements, but they have to catch them first – and sometimes
that’s the hard part,” the ACLU’s Stanley said. “It means
household names probably won’t exploit this, but there’s still a
lot of room for bottom feeders.”

(Reporting by Stephen Nellis; Editing by Jonathan Weber and
Edward Tobin)