Is Apple really giving away your Face ID data to developers?

The Apple iPhone X uses Face ID, an innovative and highly advanced system to get a unique 3D scan of your face that allows the phone to recognize it is you looking at it in a split second. Having that data stolen is naturally a big privacy concern, but Apple has gone out of its way to reassure customers that their Face ID data never leaves the phone and is securely, encrypted on the phone itself.

But now, reports have surfaced that Apple will actually give your face data to developers. Publications of all ranks including the likes of Reuters were quick to jump on the news and say that this could be a major privacy concern.

So... is Apple indeed giving away your Face ID data to app developers?

Not really, but you need to know the details.

Face ID uses a complicated system that provides a full 3D scan of your face, mapped by over 30,000 individual points. This data never leaves your phone and it is not available to developers, period. What is available to developers, however, is access to the front camera (without that detailed map of your face). This is done to make augmented reality applications better, and means that apps like Snapchat can create more realistic filters, tracking your face. Other ARKit apps will jump on board as well.

An app would need to create a privacy policy and get users' explicit consent for this.

Keep in mind: this is different than Face ID, it's not related to it. So if you are wondering whether registering Face ID means that you automatically give away your face data to app developers, the answer is a resounding 'no'.

What app developers can still get is access to the front camera that now has a TrueDepth sensor, so they can get a more detailed reading for those augmented reality features.

Is this is a privacy concern itself? Well... it could be. Apple's terms explicitly forbid app developers from selling that data: “You may not use Face Data for authentication, advertising, or marketing purposes, or to otherwise target an end-user in a similar manner,” the developer agreement reads. But is there any guarantee against that malicious hacker cracking the system of a certain app developer and getting access to that face data? Not really.

So while Face ID seems like a very secure system at the moment, your face data at app developers is certainly not as well protected. So next time you get a pop up with a bunch of text on Snapchat or Instagram, asking for your permission, you might want to read it very carefully before accepting. Having those cute rabbit ears in that app might not be worth giving away your face data. But registering Face ID? It seems safe at the moment.

via Gizmodo