Face ID, which debuted in the iPhone X, is not only for unlocking the smartphone, authorizing payments or sending images that mimic our facial expressions. The new functionality has been made available to developers who can create applications for the iOS platform using Face ID. One of the scientists decided to check what data on our face external programs have access to. It turned out that there is a lot of it.
The pattern describing our face is stored in a secure way in the memory of the iPhone X. Face ID not only encrypts it, but also does not send it to external servers. The whole process of unlocking the smartphone by recognizing the face of the user also takes place fully on our device, not in the cloud. It was the same with the fingerprint in the Touch ID. However, this situation looks completely different when you run external applications, which may (but do not have to) transmit to telemetry data collected using Face ID.
iPhone X owners can check this by using the Face Mesh mode in the AR MeasureKit app.
AR MeasureKit is one of many applications that appeared in the AppStore after the release of ARKit in iOS 11. However, in addition to the standard measurement options that also work on older Apple devices, owners of the iPhone X have a still available Face Mesh mode. It is used to view 52 face’s attributes measured in real time by Face ID. The creator of the application, Rinat Khanov, is considering introducing an option that will be used to scan the face and export the obtained results to a 3D printer.
Apple points out that he is serious about privacy and security. That’s why Face ID, like Touch ID, uses Secure Enclave security. This means that the iPhone X does not store the scan of the device’s face in its memory, only its mathematical description, which is encrypted with a cryptographic key. However, every application using Face ID asks the user for permission to use the camera. In addition, developers must describe how the application processes the collected data. However, security experts fear that the increasingly popular three-dimensional facial recognition systems can be used by cybercriminals.
Source: Washington Post