It just as crucially explained that the faceprints—or digital representations of a person’s face—it collects were saved onto the device itself, not uploaded to a cloud server. It didn’t, however, disclose that thousands of developers hoping to create facial recognition-based entertainment apps will be able to gain some access to those faceprints if granted permission.
The information they are provided reportedly includes 50 kinds of facial expressions and a “rough map” of a user’s face, according to a report from Reuters, citing documentation Apple sent to security researchers. All of that private data can be stored on a developer’s server as long as they receive “clear and conspicuous consent” from customers and agree not to sell it to third parties.
That fine print has privacy experts concerned. Groups including the American Civil Liberties Union and Center for Democracy and Technology are worried that Apple may not be able to enforce its privacy rules. With more than 2 million apps in the App Store, experts believe a rogue developer could sell the data to a marketer who would use it to track a user’s facial expressions when they look at advertisements.
“The privacy issues around of the use of very sophisticated facial recognition technology for unlocking the phone have been overblown,” Jay Stanley, senior policy analyst with the American Civil Liberties Union, told Reuters. “The real privacy issues have to do with the access by third-party developers.”
It’s important to point out that the data developers could receive wouldn’t let them unlock a phone because Face ID uses mathematical models of a face, not just visual.
Apple forbids advertisers or analytics firms from buying data from developers. It has several safeguards in place to prevent developers from misusing the data they’re granted access to, including extensive app reviews, audits to determine the info is being used for legit features, and threats to kick violators from the App Store.
We have reached out to Apple for more information and will update this article if we hear back.