Is Apple really giving away your Face ID data to developers?

Is Apple really giving away your Face ID data to developers?

The Apple iPhone X uses Face ID, an innovative and highly advanced system to get a unique 3D scan of your face that allows the phone to recognize it is you looking at it in a split second. Having that data stolen is naturally a big privacy concern, but Apple has gone out of its way to reassure customers that their Face ID data never leaves the phone and is securely, encrypted on the phone itself.

But now, reports have surfaced that Apple will actually give your face data to developers. Publications of all ranks including the likes of Reuters were quick to jump on the news and say that this could be a major privacy concern.

So... is Apple indeed giving away your Face ID data to app developers?

Not really, but you need to know the details.


Face ID uses a complicated system that provides a full 3D scan of your face, mapped by over 30,000 individual points. This data never leaves your phone and it is not available to developers, period. What is available to developers, however, is access to the front camera (without that detailed map of your face). This is done to make augmented reality applications better, and means that apps like Snapchat can create more realistic filters, tracking your face. Other ARKit apps will jump on board as well.

An app would need to create a privacy policy and get users' explicit consent for this.

Keep in mind: this is different than Face ID, it's not related to it. So if you are wondering whether registering Face ID means that you automatically give away your face data to app developers, the answer is a resounding 'no'.


What app developers can still get is access to the front camera that now has a TrueDepth sensor, so they can get a more detailed reading for those augmented reality features.

Is this is a privacy concern itself? Well... it could be. Apple's terms explicitly forbid app developers from selling that data: “You may not use Face Data for authentication, advertising, or marketing purposes, or to otherwise target an end-user in a similar manner,” the developer agreement reads. But is there any guarantee against that malicious hacker cracking the system of a certain app developer and getting access to that face data? Not really.

So while Face ID seems like a very secure system at the moment, your face data at app developers is certainly not as well protected. So next time you get a pop up with a bunch of text on Snapchat or Instagram, asking for your permission, you might want to read it very carefully before accepting. Having those cute rabbit ears in that app might not be worth giving away your face data. But registering Face ID? It seems safe at the moment.

FEATURED VIDEO

18 Comments

1. Jimrod

Posts: 1605; Member since: Sep 22, 2014

The user has to agree right? So no, the user is giving away their FaceID info, if they choose to.

5. Martin_Cooper

Posts: 1774; Member since: Jul 30, 2013

Ye cause there were never cases of app developers using our data without our permission. Heck Uber used your detailed data for years without any kind of permission.

8. Victor.H

Posts: 1026; Member since: May 27, 2011

No. It's two things. 1. Face ID - nobody can get a hold of it. 2. Front camera with depth (but not dot projector) - apps can ask permission for it.

11. lyndon420

Posts: 6443; Member since: Jul 11, 2012

The FBI have ways...I'm sure they're all over this as we speak.

12. piyath

Posts: 2445; Member since: Mar 23, 2012

How those two differentiate from each other. Isn't Face ID a part of that true depth camera? If developers given the access to it they will map our face and create a Face ID of our selves for their use. I'm confused here....lol

15. uncle_gadget

Posts: 1050; Member since: Sep 20, 2017

I applaud you for asking a legit and sincere question and it was a good question to ask. O also wonder the same. If someone give you tools to use something, can't a person with knowledge use said tool beyond its original purpose? The sources says: "The face data that is being shared with developers comes from ARKit, Apple’s suite of tools for augmented reality, and relies only on camera input. " Could not that dev make the tool take a full photo of your face and be used for criminal purposes, before Apple figures it out? Have we not seen apple pull apps like wallpaper apps months after it been in the store stealing peoples data? YES!!!!!!!!!!!!

16. uncle_gadget

Posts: 1050; Member since: Sep 20, 2017

https://www.forbes.com/sites/bernardmarr/2015/10/20/data-thieving-apps-banned-from-apples-app-store/#39e0fe4cb89f Even if the app was on the store for a day. If 1M people download such an app, they lost data. Many Apps may take weeks or months before it is found they have backdoors and steal data. There is no way to avoid this.

2. Darckent

Posts: 87; Member since: Sep 17, 2016

This face id is going to blow up spectacularly There are just too much shady instances that Apple keep denying Good thing about technology in this day age with the smart public is apple will be found out no matter how much they deny No smoke without fire... iPhonearena are praying the truth doesn't come out against their beloved apple

4. trojan_horse

Posts: 5868; Member since: May 06, 2016

The thing is, if the devs want to make apps or games to work with face expressions, and if most users happen to deny access to the data of faces, what happens? I can imagine at some point where devs or even Apple itself would begin to secretly provide the face data to developers, regardless of the user's consent.

10. lyndon420

Posts: 6443; Member since: Jul 11, 2012

Anyone who willingly uses their biometric data (fingerprints,iris, facial) to unlock their phones takes a big risk. I'm happy with a simple passcode...works well for me.

17. uncle_gadget

Posts: 1050; Member since: Sep 20, 2017

Because there aren't keyloggers on mobile?http://www.android-keylogger.net/ Think a dev can't backdoor this capability into an app? I agree with what you said. But any passcode or password can be cracked. All a person needs is YOUR phone and TIME. But a phone is no more safer than any Windows PC or Mac when you access the internet. also just remember this fact. Other than games, most mobile apps are server-side. Which means they only display data coming from another source. Which means any app that does this can have a backdoor where your data can be compromised including passwords/codes.

3. zebraman

Posts: 59; Member since: Sep 11, 2013

A lot of early reviews of companies that got the iPhone X before release mentioned that the face id was hit and miss and did not work all the time. So much for revolutionary face id technology

6. Martin_Cooper

Posts: 1774; Member since: Jul 30, 2013

I have seen it on several videos fail miserably under direct light. But thats not worth reporting it seems.

9. Victor.H

Posts: 1026; Member since: May 27, 2011

We will investigate once we get a hold on an iPhone X.

13. YeahYeah

Posts: 247; Member since: Mar 16, 2016

Oh Victor.H is here trying to defend iPhone. This is good.

14. tedkord

Posts: 17076; Member since: Jun 17, 2009

I don't see the real problem if it's just giving apps access so they can use it for login, etc...

18. uncle_gadget

Posts: 1050; Member since: Sep 20, 2017

Based on this image -https://i.gadgets360cdn.com/large/iphone_x_front_sensors_gadgets360_1505276153355.jpg - Face ID uses the dot projector which is not a camera. Its a light projector that projects dots of light at yoru face. The phone still has a main camera. If Apple is saying devs won't have direct access to the dot projector, that's one thing. But the camera is still a camera and a camera can still be used to take a full photo of your face. So lets say you use an a 3rd party animation tool for Amoji's as an example. It needs your face even if, its gonna make your face a cartoon. Think Bitstrips as an example. Who's to say thay devs isn't getting picture data that would allow them to have your exact face? The potential for criminals to do this, is made easily by Apple giving away a tool, even if said tool gives limited access. How do jailbreaks work? Because devs have tools that are designed to find holes, even ones that give them limited access. All they need is something that gives them access and that is what PA may be missing and Apple too. If you give a criminal half of a key to a lock, they will figure out how to complete the key and unlock the door. This is a fact! I don't think Apple should allow this on any level. Its better safe than sorry. Apple having access is bad enough. All it takes is a mistake in the code and the dev can exploit that code for criminal purposes.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.