Analysis: The privacy issue when Apple shares your face with apps
Poop that mimics your facial expressions was just the beginning.
It's going to hit the fan when the face-mapping tech that powers the iPhone X's cutesy "Animoji" starts being used for creepier purposes. And Apple just started sharing your face with lots of apps.
Beyond a photo, the iPhone X's front sensors scan 30,000 points to make a 3D model of your face. That's how the iPhone X unlocks and makes animations that might have once required a Hollywood studio.
Now that a phone can scan your mug, what else might apps want to do with it? They could track your expressions to judge if you're depressed. They could guess your gender, race and even sexuality. They might combine your face with other data to observe you in stores - or walking down the street.
Apps aren't doing most of these things, yet. But is Apple doing enough to stop it? After I pressed executives this week, Apple made at least one change - retroactively requiring an app tapping into face data to publish a privacy policy.
"We take privacy and security very seriously," Apple spokesman Tom Neumayr said. "This commitment is reflected in the strong protections we have built around Face ID data - protecting it with the Secure Enclave in iPhone X - as well as many other technical safeguards we have built into iOS."
Indeed, Apple - which makes most of its money from selling us hardware, not selling our data - may be our best defense against a coming explosion in facial recognition. But I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered.
Apple's face tech sets some good precedents, and some bad ones. It won praise for storing the face data it uses to unlock the iPhone X securely on the phone, instead of sending it to its servers over the Internet.
Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.
To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3-D print a mini-me.
"Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.
Being careful is in Apple's DNA - it has been slow in opening home and health data with outsiders. But it also views the face camera as a differentiator, helping position Apple as a leader in artificial intelligence and augmented reality.
Apple put some important limits on apps. It requires "that developers ask a user's permission before accessing the camera, and that apps must explain how and where this data will be used," Apple's Neumayr said.
And Apple's rules say developers can't sell face data, use it to identify anonymous people or use it for advertising. They're also required to have privacy policies.
"These are all very positive steps," said Clare Garvey, an associate at Georgetown University's Center on Privacy & Technology.
Still, it wasn't hard for me to find holes in Apple's protections.
The MeasureKit app's maker told me he wasn't sensing much extra scrutiny from Apple for accessing face data.
"There were no additional terms or contracts. The app review process is quite regular as well - or at least it appears to be, on our end," Khanov said. When I noticed his app didn't have a privacy policy, Khanov said Apple didn't require it because he wasn't taking face data off the phone.
After I asked Apple about this, it called Khanov and told him to post a privacy policy.
"They said they noticed a mistake and this should be fixed immediately," Khanov said.