Does Apple's Face ID facial biometric raise privacy concerns?

Apple's revolutionary new feature on iPhone X, Face ID allow you to unlock your phone by looking at it, but just how much facial biometric can reveal about the bearer is quite huge.

The new front-facing sensor module within the ‘notch’ enables the smartphone to sense and map in-depth facial features, which inevitably, communicates a lot about its owner without them necessarily realizing it.

Now, this dexterous piece of software called the TrueDepth camera system, is to power a new authentication mechanism based on a facial biometric, Face ID, which iPhone X owners are required to register their facial biometric by tilting their face in front of the camera.

The Face ID also replaces Touch ID for Apple Pay and other apps that uses it to authenticate users, like banking apps.

Albeit, Apple claims it does not have access to the depth-mapped facial blueprints that users enroll with when they register for Face ID. As the mathematical model of the iPhone X user’s face is encrypted and stored locally on the device in a Secure Enclave.

But Face ID learns over time, the additional mathematical representations of the user’s face may also be created and stored in the Secure Enclave after successful unlocks — if the system deems them useful to “augment future matching”.

While developers trying to incorporate Face ID authentication into their iOS apps does not have access to the Secure Enclave; the authentication is via a dedicated API which returns only a positive or negative response after comparing the input signal with the Face ID data.

Apple’s engineering and security systems behind Face ID’s architecture should given you confidence that the core encrypted facial blueprint to unlock your device and authenticate your identity with all sorts of apps is never shared with anyone.
Next Post »