App Developer Access To iPhone X Face Data Spooks Some Privacy Experts (reuters.com) 71
A reader shares a report: Apple won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself. But Apple's privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player's real-world facial expressions. Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters. App makers who want to use the new camera on the iPhone X can capture a rough map of a user's face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer's own servers, can help monitor how often users blink, smile or even raise an eyebrow.
The iPhone X is freakin' terrifying (Score:1, Offtopic)
HACKED BY CHINESE (Score:3)
Re: (Score:2)
Nicolas cage did just fine!
They can also use your phone, mic, and GPS! (Score:5, Insightful)
...of course, you have to give them permission to do so, just the same as with this data, apparently.
As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you. I'm glad my weather app can grab my current location to give me useful information as I changed locations throughout the day. I'm glad Shazam or whatnot can use the mic to tell me what song is playing. I'm glad my camera apps can access the camera. And it's not outlandish to believe that I may eventually be glad that some form of facial data is getting synced via third-party servers between my devices.
But that'll be my call to make if and when I ever have a phone with these sorts of features, because without my permission, they can't do jack squat, so this whole topic is rather moot.
Re: (Score:1)
The app shouldn't require facial data from the phone. If it wants facial data, there is a pretty snazzy front-facing camera that can be used on a manual basis. All the authentication stuff should be kept well away from apps, just like how TouchID keeps fingerprint info away from other apps.
Re:They can also use your phone, mic, and GPS! (Score:5, Insightful)
Re: (Score:2)
"Apps aren't using the data for authentication. The phone still handles auth the same as TouchID. Apps are using face data to make the dog ears and tongue smile and frown along with your face in your selfie app."
Indeed, the Feds are already working on such an app and they'll get the data for free that way, no need to buy it from another party."
Re: (Score:2)
But that'll be my call to make ...
Maybe.
And there lies the rub.
Re: (Score:2)
But that'll be my call to make ...
Maybe.
No, not maybe. This is already how it is. The camera has for years only been accessible to apps after they've explicitly been granted permission by the user, and they'll have a hell of a time collecting facial data without camera access. I suppose they might be able to infer facial data by having us smear the phone all over our faces while using the accelerometer, pressure readings, and gyroscope to infer the shapes of our faces, but at that point you can hardly suggest that they're doing it without your kn
Re: (Score:2)
I'm tempted to google news reports of Apps saying one thing and doing another but I watched the Astros win the World Series late last night, so be a dear and do it yourself, OK?
Re: (Score:2)
Hah, the Astros are actually my home team. Not that I really take much interest in the various forms of sportsball, but I can appreciate someone staying up to watch.
Re: (Score:2)
Yeah, two nights in a row.
I'm retired, so I'll make it.
The local Academy sporting goods store is nuts.
One cashier started her shift at 8 pm yesterday and she left at noon today.
There's no limit on purchases and some people are buying over a thousand dollars worth of collectibles.
Re: (Score:2)
Re: (Score:2)
What if they do it even if you don't give them permission?
How're they supposed to do that? We're talking about app permissions here. The default behavior is to deny apps access to those features until they're explicitly granted permission by the user. If you don't give them permission, they have no ability to abuse it.
Re: (Score:3)
...of course, you have to give them permission to do so, just the same as with this data, apparently.
As such, I fail to see the concern here. If an app requests that permission, simply deny it if it's a concern for you.
Unfortunately, we live in an age where a great deal of people will accept the abuse from Facebook because they believe "[t]he only other option is the self abuse of having no social life." [slashdot.org]
I feel like we are only just beginning to experience the consequence of having a society filled with "app addicts".
Re: (Score:1)
Unfortunately, we live in an age where a great deal of people will accept the abuse from Facebook because they believe "[t]he only other option is the self abuse of having no social life." [slashdot.org]
I feel like we are only just beginning to experience the consequence of having a society filled with "app addicts".
Actually, I love this. Before the 21st century, if one wanted a quiet life of social solitude it meant moving to a monastery high up in the mountains.
Now, without a Facebook account, I enjoy the digital monastery conveniently located in the middle of an urban center.
"But what about all the people?" you might ask.
They aren't looking at me, they're looking at their phones.
They might be bothering somebody, but they aren't bothering me.
Bliss.
Re: (Score:2)
I long for the day my phone will be able to tell if the person I'm about to have sex with is attractive enough. With beer goggles, one can't be too careful. And with Facebook, the reply from your friends may not arrive fast enough.
Re: (Score:2)
All fine and good, except your argument reminds me of Microsoft Security Statement back in 1998 with the release of Active X (Which unlike Java Applets at the time, can access your files, and do some additional lower level calls to your PC). IE will ask you if it is OK to run the Active X control.
Now most people are hungry for the content that the site offered, by clicking on the Yes button. So they had opened their system up to being hacked in a moment of a lack in judgement.
Today we are suffering from
Re: (Score:1)
Re: (Score:2)
The Instagram App, which they show off the real time masks, Uses the Dot projector like the emojis. So to follow your face when you move it and when you change your expressions... It may not be using your FaceID information, but it is getting your face data, for the most part the phone can just render it it locally... But who knows what feature can slip by Apples wall garden, that happens to send this data to the cloud for additional processing.
Re: (Score:1)
Yes, it's doing that by using the normal camera that you gave it permission to use. This is true on any phone with a good front facing camera. It has nothing in particular to do with Apple or its restrictions. You use the phrase "walled garden" in this case, but don't you want the OS controlling access to that camera? That's a totally separate notion from the meaning of walled garden, which is a reference to Apple's controlling
Re: (Score:2)
weather app can grab my current location... Shazam or whatnot can use the mic... camera apps can access the camera
What get me going is when the weather app wants access to the camera, phone, and microphone; Shazam wants to use the camera or location, and they all want access to SMS and your contact list. You really have to pay attention to the permissions you're giving apps, as they tend to want waaaaay more then needed for their core functionality.
Re: (Score:2)
Remember when cameras came with lens covers and devices had physical switches to turn things off? I'm waiting for one of the phone manufacturers to bring those features back. On the other hand I suppose it's a lot cheaper to just have the customer put a sticker over the camera than add a sliding cover to the phone. Unfortunately there's no good physical way to temporarily disable microphones and GPS, you are forced to trust the software.
Re: (Score:2)
No concern at all. When someone under the age of paranoid computer expert installs a dog face app sees the "allow app access to xxxxx" they will immediately say yes so they can use their app the one time. Eventually someone will abuse this data, and while you and I won't be affected, somebody you know and love might be. Or you know, half the population or something. It is a concern because data on facial mapping is going to be extremely detailed in the iPhone.
Joke of the Day (Score:3)
Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties
My sides! Ow! Please, stop, you're killing me!
Scount's honor! (Score:2)
Re: (Score:2)
*Exits the Skype conference with the media* *Turns to COO* - Where you on that new mass quantity discount pricing chart for selling all this great private info? I need to call the bank in Ireland and warn them of all the money trucks arriving.
Re: (Score:2)
Sorry, but I'm not giving my biometric information to Apple, an app developer, or pretty much anybody else unless it's fucking required by law
Ever sent a photo of yourself to anyone via any app or online service?
Duh (Score:4, Insightful)
Re: (Score:2)
Time to up your meds (Score:5, Informative)
2. FaceID doesn't use 'image processing' because it doesn't use images, it uses infra-red depth sensing. If you just use it for authentication then it's basically the same deal as the thumbprint; secure enclave and whatnot--it doesn't leave your phone.
3. Apple does not sell your info, ever. Not because they are a naturally good or noble company, but because they would make less money if they did so. Their business model is based on selling physical pieces of hardware, not selling their customer data. They are basically the opposite of Google.
Re: (Score:2)
Apple does not sell your info, ever
It's much more profitable to rent the data
Re: (Score:2)
How do we know they are not sharing with NSA? :P
Prove to me that you're not the NSA. (Score:2)
Do you see now why we don't ask people to prove a negative?
Re: (Score:2)
Prove it. :P
Re: (Score:1)
Yes, Apple wants to control the trusted data, and maintain the relationship of trust with their customers.
They don't want anybody else to have that. It's pure gold for them.
Re: (Score:2)
Actually people dont use pins. If the only option you give people is a pin they will choose not to lock their device. We saw this. When apple added thumb print there was a huge jump in the number of devices that were locked and encrypted.
Sure, you can use a pin.. its more secure anyway (particularly if you go with a long one, or a pass phrase) but the fact is people wont use it. They will use thumb print and they might be more willing to use facial recognition because, if it works flawlessly, all you hav
Re: (Score:2)
Yeah, I'll add a pin to the 50 other goddamn pins I have. And I'll add another goddamn password to all the other passwords I have. I'll also remember, because I'm caustically reminded, to change my password every frikken 2 months. Oh, I can get a dongle for creating new passwords that I can carry around wherever the hell I go.
Apple wants to sell phones, not your data (Score:3)
Re: Duh (Score:2)
How does Apple "get" biometric data? The data that Apple uses you unlock your phone never leaves the device. Even if Apple did get it, what use would it be to them?
Re: (Score:2)
Any app can not access the data used for authentication that is stored in the secure enclave that apps don't have access to. Even if they did somehow get enough data to unlock your phone, how would they actually use it remotely?
Stupidly worries the experts most (Score:2)
Re: (Score:1)
And what worries the marketing critters is any end of said stupidity.
"It says I need to click here to play the cool new game all my friends have" *click*
No different than Snapchat (Score:1)
This is no different than letting Snapchat do it or anything else. Developers can't do it without the user's knowledge, and it isn't giving apps a detailed map of your individual face.
Oh wait, face id? (Score:2)
If "google team" and even China already can do a lot of reconstruction from machine learning, even with heavily pixelated sources such as old pics and bad IPCams, I am guessing it won't be long before the "rough map" these apps get can be used for user tagging, and even authentication. Back with fingerprint scans, all the info was at the very least kept safe on hardware and is NEVER directly accessible to apps in any form, other than a boolean stuff like "valid" or "denied" access for authentication. Gettin
Re: (Score:2)
Yep. They likely don't have to start from pixelated photos. Most people have high-quality photos out there somewhere. If not, a determined attacker can take his own as you walk down the street.
Also, you don't need the mind pool of Google or Apple to do this. Check out this publicly available demo of 3D Facial Recognition from a Single Image [nott.ac.uk]. You can submit your own photo or someone else's and view a 3D model created from it. The model certainly isn't perfect, but it isn't too bad either.
Anyone who uses Face
Re: (Score:1)
Anyone who posts shit they know nothing about should be buried in shit until they expire.
Re: (Score:2)
Oh what a beautiful elitist world it must be on those usenet BBS forums you dwell, where nobody takes any shit but the 100% irrefutable shit and has an absolutely 0 tolerance-policy for arguments because OMNISCIENCE.
Slashdot is past mainstream phase but that doesn't mean it's back to just-for-nerds phase. The status quo is nice because the low trolling that exists, like yours and the odd spambot's is both easily identifiable and no longer really tolerated through the empathy of a once quasi-homgenous commun
Re: (Score:2)
Because whoever requests that depth map also has standard camera access and do loads more by cross-referencing photo+map, but I won't go into details before an elitist like Dog-Cow comes running saying I don't know enough of this to discuss it... :D
But I believe the original article states actual data from FaceID will be available to apps, so what you state is not entirely accurate - they do get info from the dot projection system. They should get less fidelity, but that is exactly the argument here - they
Re: (Score:1)
Because whoever requests that depth map also has standard camera access and do loads more by cross-referencing photo+map
Yes, and??? They don't have to do any work to cross-reference, it's all bundled together as it is. But it doesn't matter because as I said it's nothing like the point structure capture taken by FaceID, it's not as detailed AND from an image you do not have all the angles of the face the way FaceID does.
But I believe the original article states actual data from FaceID will be available to
National Information Exchange Model (Score:2)
For a very interesting look at all of the types of data being collected today, take a peek at the National Information Exchange Model. [niem.gov] or the NIEM on github [github.com]. The easiest way to look at the data is to download the models and open the niem-????.xlsx spreadsheet (name changes with version). The last time I checked, the rules for adding a schema to this model included a strong requirement that it be in use by two agencies before being eligible because its purpose is "exchange". So, it can be assumed that everyt