App developer access to iPhone X face
data spooks some privacy experts
Send a link to a friend
[November 02, 2017]
By Stephen Nellis
SAN FRANCISCO (Reuters) - Apple Inc
<AAPL.O> won accolades from privacy experts in September for assuring
that facial data used to unlock its new iPhone X would be securely
stored on the phone itself.
But Apple's privacy promises do not extend to the thousands of app
developers who will gain access to facial data in order to build
entertainment features for iPhone X customers, such as pinning a
three-dimensional mask to their face for a selfie or letting a video
game character mirror the player's real-world facial expressions.
Apple allows developers to take certain facial data off the phone as
long as they agree to seek customer permission and not sell the data to
third parties, among other terms in a contract seen by Reuters.
App makers who want to use the new camera on the iPhone X can capture a
rough map of a user's face and a stream of more than 50 kinds of facial
expressions. This data, which can be removed from the phone and stored
on a developer's own servers, can help monitor how often users blink,
smile or even raise an eyebrow.
That remote storage raises questions about how effectively Apple can
enforce its privacy rules, according to privacy groups such as the
American Civil Liberties Union and the Center for Democracy and
Technology. Apple maintains that its enforcement tools - which include
pre-publication reviews, audits of apps and the threat of kicking
developers off its lucrative App Store - are effective.
The data available to developers cannot unlock a phone; that process
relies on a mathematical representation of the face rather than a visual
map of it, according to documentation about the face unlock system that
Apple released to security researchers.
But the relative ease with which developers can whisk away face data to
remote servers leaves Apple sending conflicting messages: Face data is
highly private when used for authentication, but it is sharable - with
the user's permission - when used to build app features.
"The privacy issues around of the use of very sophisticated facial
recognition technology for unlocking the phone have been overblown,"
said Jay Stanley, a senior policy analyst with the American Civil
Liberties Union. "The real privacy issues have to do with the access by
The use of face recognition is becoming ubiquitous on everything from
social networks to city streets with surveillance cameras. Berlin law
enforcement officials in August installed a facial recognition system at
the city’s main railway station to test new technology for catching
criminals and terrorists.
But privacy concerns loom large. In Illinois, Facebook Inc <FB.O> faces
a lawsuit over whether its photo tagging suggestions violated a state
law that bars the collection of biometric data without permission.
Facebook says it has always been clear with users that it can be turned
off and the data for it deleted.
Privacy experts say their concerns about iPhone X are not about
government snooping, since huge troves of facial photographs already
exist on social media and even in state motor vehicle departments. The
issue is more about unscrupulous marketers eager to track users' facial
expressions in response to advertisements or content, despite Apple's
contractual rules against doing so.
App makers must "obtain clear and conspicuous consent" from users before
collecting or storing face data, and can only do so for a legitimate
feature of an app, according to the relevant portions of Apple's
developer agreement that Apple provided to Reuters.
[to top of second column]
A attendee uses a new iPhone X during a presentation for the media
in Beijing, China October 31, 2017. REUTERS/Thomas Peter
Apple's iOS operating system also asks users to grant permission for
an app to access to any of the phone's cameras.
Apple forbids developers from using the face data for advertising or
marketing, and from selling it to data brokers or analytics firms
that might use it for those purposes. The company also bans the
creation of user profiles that could be used to identify anonymous
users, according to its developer agreement.
"The bottom line is, Apple is trying to make this a user experience
addition to the iPhone X, and not an advertising addition," said
Clare Garvie, an associate with the Center on Privacy & Technology
at Georgetown University Law Center in Washington.
ENFORCEMENT IN QUESTION
Though they praised Apple's policies on face data, privacy experts
worry about the potential inability to control what app developers
do with face data once it leaves the iPhone X, and whether the tech
company's disclosure policies adequately alert customers.
The company has had high-profile mishaps enforcing its own rules in
the past, such as the 2012 controversy around Path, a social
networking app that was found to be saving users' contact lists to
its servers, a violation of Apple's rules.
One app developer told Reuters that Apple's non-negotiable developer
agreement is long and complex and rarely read in detail, just as
most consumers do not know the details of what they agree to when
they allow access to personal data.
Apple's main enforcement mechanism is the threat to kick apps out of
the App Store, though the company in 2011 told the U.S. Congress
that it had never punished an app in that way for sharing user
information with third parties without permission.
Apple's other line of defense against privacy abuse is the review
that all apps undergo before they hit the App Store. But the company
does not review the source code of all apps, instead relying on
random spot checks or complaints, according to 2011 Congressional
testimony from Bud Tribble, one of the company's "privacy czars."
With the iPhone X, the primary danger is that advertisers will find
it irresistible to gauge how consumers react to products or to build
tracking profiles of them, even though Apple explicitly bans such
activity. "Apple does have a pretty good historical track record of
holding developers accountable who violate their agreements, but
they have to catch them first - and sometimes that's the hard part,"
the ACLU's Stanley said. "It means household names probably won't
exploit this, but there's still a lot of room for bottom feeders."
(Reporting by Stephen Nellis; Editing by Jonathan Weber and Edward
[© 2017 Thomson Reuters. All rights
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.