How much can we trust Apple’s privacy promises? Only as much as you can trust random developers.
When Apple debuted the new Face ID functionality of the iPhone X, it didn’t exactly go as hoped. It didn’t quite work. Of course Apple came back and said it worked exactly as it was meant to. They actually gave a fairly decent explanation as to why it did not. You can choose to believe them or not.
Apple also proclaimed that the Face ID data would remain securely stored only on the device itself. This makes sense, after all, utilizing the functionality to open the phone, why would Apple need it to be anywhere else. But is this something you should believe?
Turns out, you shouldn’t. It’s not as if Apple is lying. It’s more like they are playing a word game. The Face ID data that is used to unlock the phone? Yes, that’s probably only stored on the phone. At least for now. I have no reason not to believe it, other than already having a healthy bias against trusting Apple. But there’s more to Face ID data than just opening the phone. There’s more potential for it’s uses. And Apple is opening that potential up for app developers.
App developers will gain access to the iPhone’s face data to build entertainment features for the iPhone X. This data, does not have to stay on the device. According to the developers agreement, this data can be stored off the phone as developers see fit.
Apple’s developer agreement states that developers must “obtain clear and conspicuous consent” from users before it can collect and store this data. App developers are forbidden from using this data for any advertising or marketing and can’t be sold to third parties. The problem is this agreement, as described by an app developer, is “long and complex and rarely read in detail”.
Users need to worry not only about if developers are properly securing the information which has been shared with them, they should also be concerned if the developer is fully aware of the agreement which limits what they can do with this data. As for what Apple will do if a developer either knowingly or unknowingly uses this data in a way which violates the agreement? Well, something tells me we won’t have to wait long to find out.