Third party developers will be able to fully utilize the TrueDepth camera on the iPhone X to collect advanced facial data, according to a new report by Reuters. Although Apple has promised that the facial profiles used for Face ID will be securely stored in the iPhone X Secure Enclave — in the same way that fingerprints are stored for Touch ID authentication on other iPhone models — third-party app developers will be permitted to access the advanced features of the TrueDepth camera to access facial recognition features that would allow them to build entertainment apps for the iPhone X, such as pinning three-dimensional masks for selfies or mirroring real-world facial expressions on an in-game character.
As with building any other iPhone app, developers are required to seek permission from the end user and are prohibited from selling the data to third parties, using it for advertising or marketing purposes, or creating user profiles that could be used to identify anonymous users. Developers will be able to build apps that can capture a rough map of a user’s face and a stream of more than 50 types of facial expressions, allowing apps to monitor how often users blink, smile, or frown.
This data can also be uploaded and stored on a developer’s own servers, raising concerns among privacy advocates that the data may not be limited to entertainment features, but may extend to allowing unscrupulous marketers to track users’ responses to advertisements or content, despite Apple’s strict policies on the matter. Apple’s enforcement strategies are currently limited to reviewing apps before they’re released on the App Store, periodically auditing existing apps, and of course the threat of banning developers from the App Store entirely for breach of contract — all of which Apple maintains have been effective in policing its App Store.
For its part, Apple’s policies are quite emphatic, making it clear that app developers must “obtain clear and conspicuous consent” from users before collecting or storing face data, and will only be permitted to do so for a legitimate feature of an app. Naturally, iOS will also continue to ask users to grant permission for an app to access any of the cameras on the iPhone X, although it’s not yet clear whether a separate core iOS authorization will be required to access the TrueDepth camera’s advanced facial recognition capabilities.
Privacy experts concede that Apple is clearly trying to offer a feature that will enhance the user experience rather than providing a boon to marketers, but although they laud Apple’s policies on facial data, the point out that Apple may have little ability to control what developers can do with that data once it leaves the confines of the iPhone X, and whether end users are being adequately informed of the details involved. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first — and sometimes that’s the hard part,” said Jay Stanley, a senior policy analyst with the American Civil Liberties Union, “It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”