ACLU raises privacy concerns over app developer access to facial expressions on iPhone X

Ben Lovejoy, 9to5Mac:

The American Civil Liberties Union (ACLU) has raised privacy concerns about developer access to the facial expressions of iPhone X users. In particular, they say that Apple allows developers to capture facial expression data and store it on their own servers.

When the iPhone X was launched, Apple was careful to stress that the 3D face recognition model used by Face ID was stored only on the phone itself. The data is never transferred to Apple servers. But the ACLU says that app developers are allowed to transmit and store some face data.

Interesting article. Lots of layers to this issue. There’s face tracking (think Animoji) and attention detection (are you actually watching your screen). How much of this data is hidden behind an API? In other words, does Apple simply tell a developer whether you are paying attention to the screen, or do they give you more specific data, like the current screen location on which you are currently focused?

This is a good read. And keep an eye out for more detail in the Rene Ritchie/iMore iPhone X review I’ll be posting a bit later this morning.

Update: There is no API for attention detection, therefore there is no way for developers to access it.



  • Caleb Hightower

    Just can’t have nice things. Always some nefarious agent lurking.

  • James Hughes

    “Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission”

    Whelp, you give your facial expression away, that’s your choice.

    We can’t keep protecting people from themselves can we?

    “App makers who want to use the new camera on the iPhone X can capture a rough map of a user’s face”

    Depending on just how “rough” this could all be a moot point.

  • AAPL.To.Break.$160.Soon.>:-)

    Ummm…, what exactly is dangerous about facial data? Are smiles and frowns are useful to criminals? I don’t quite understand this. So, when people take selfies, that photo can’t be captured or sent to a server without wrecking havoc to people’s lives. When people paste their faces all over Facebook and Facebook servers, wouldn’t that also be a problem?

  • Guest

    My fear with attention detection being available to developers is that this could usher in an era of truly unskippable ads. At least now, I can ignore the device (or window on a computer) and do something else for 30 seconds while the ad plays (muted of course). But surely soon they’ll require actual attention. If you don’t allow the app access to attention data, AND pay attention to the ad, no content for you!

    • I can’t imagine Apple would let that go, but it could be snuck in for sure.

    • GlennC777

      Excellent point, and I could see Apple allowing this, as they do want their slice of ad revenue and it could be justified as a more “fair” transaction than one where the ad can be ignored.

      Also I’d bet the value of the ad to the advertiser would be multiple times higher, possibly making ads of this type the most desirable on the market and giving Apple its first real advertising advantage against Google and Facebook.

  • “How much of this data is hidden behind an API?”

    If only there were a way to find out.