The data used by the new Face ID facial recognition system on an iPhone X never leaves the device, Apple guarantees, as all the information is stored locally with not a single bit submitted to its own servers.
But while Apple itself does not look into facial data, the company allows developers to access and even collect part of it to enable features in their applications, according to a report by Reuters.
Apple insists that the data which developers can take off an iPhone X cannot be used to unlock the device, but instead it allows them to develop features based on facial expressions.
Collected data can help developers determine how often users blink, smile, or raise an eyebrow, and Apple says that the visual map of the face, which app makers get access to, does not allow authentication, as this, in turn, would require a mathematical representation of the owner’s face.
Developers being provided with access to face data, however, raises privacy concerns as to what can happen after the information is stored on third-party servers, especially because Apple can no longer control what each app maker does once the face data leaves the iPhone.
In the documentation that Apple provides developers with, the company highlights a series of privacy rules, including apps clearly mentioning that users need to give their permission to have the facial data collected. Apple says the consent must be “obtained clearly and conspicuously” and it needs to be used for a legitimate feature of the app. The collected data must not be sold to third-parties, Apple says.
The company threatens that whoever violated these rules can be banned from the Apple Store, while also guaranteeing that it’s running pre-publication reviews of apps before being listed for download.
The firm, however, doesn’t check all the apps that are submitted for approval, but only running random spot checks of the source code, Reuters reports citing Bud Tribble, Apple’s privacy expert, who testified for the Congress in 2011.
The more worrying thing is that developers can take the risk of being banned from the Apple Store for revenue obtained after selling facial data to third-party developers, with experts warning that Apple needs to catch those who violate the rules first and only then deal with the issue.