Is Apple really building a huge database of people's faces?
Apple is scanning millions of people's faces each day, shooting lights at them and taking photographs. And it's got everyone in a panic.
But the truth is much more secure and private, and probably a little less exciting. Here's what's actually going on with Apple's big new biometric feature.
What is Face ID?
It’s Apple’s brand new biometric technology, which uses very precise measurements of your face to check that the person trying to get into a phone is its actual owner.
Just as Apple has scanned your fingerprints to let you into your phone up until now, it’ll now scan your face. And it does it in just a glance – look at your phone and it’ll let you in, so long as you’re the right person.
It’s one of the main features of the new phone, alongside the new “Super Retina” screen that goes all the way across the front.
It works by using a range of technologies known as the TrueDepth camera system, which resides in the controversial notch at the top of the screen. When you try to unlock your phone, it spots your face, pulls together the various sensors and cameras, and uses them all to judge whether you're the right person. If you are, it'll tell the phone to unlock and you're on your way.
Why are people in such a panic?
Face ID sounds like the future: it instantly scans your face in minute detail, develops a mathematical representation of it, and uses that to allow you into your phone. But sometimes the future is scary, and given the amount of personal data that is stolen from us and used with little care for where it came from, it’s good to be vigilant about what we’re letting companies collect.
But Apple has been clear about its commitment to privacy: it even has an entire page dedicated to telling everyone how focused on it the company is, which begins with the statement that “At Apple, we believe privacy is a fundamental human right”.
That isn’t just a point of principle – Apple has used its commitment to privacy as a selling point, and it’s something that sets it apart from companies like Facebook and Google that thrive by harvesting data from their users.
None of which is to say that Apple would never violate the privacy of its users, or that we shouldn’t be careful about what we let the company see or collect. It just means that we shouldn’t assume the worst.
So is Apple creating a database of everyone’s faces?
That would be terrifying, obviously. But no. The data about your face never leaves your phone.
Instead, it’s stored inside what Apple calls the Secure Enclave – the most inaccessible part of the phone, which is kept secret even from other things that run on it. That’s the same place that Touch ID lives in other iPhones, and you can think of it as something like the underground vault at a bank, where the most important and sensitive information is stored.
All of the data for Face ID, including the mathematical representations of your face that it requires to work, gets encrypted and protected with a key that can only be accessed by that Secure Enclave.
Apple doesn’t even back up that information to iCloud, as it does with many other parts of the phone so that you can retrieve them if yours stops working. That’s because it’s aware the information is sensitive and private, and keeping it on the phone means that there’s no chance it’s intercepted on its way up to the cloud.
(All of this does mean that you’ll have to re-scan your face if you move to a new phone, since the information won’t be carried over with your iCloud backup. But that’s a small price to pay.)
Does that mean anyone can get these detailed pictures of my face?
No. Apple has kept the data from being given over to developers.
They can request some information that’s gathered from the sensors in the TrueDepth camera on the front of the phone. But that is used primarily for things like new and more accurate Snapchat filters – and Apple doesn’t hand over information in the same detail it uses for Face ID. Developers could gather all of that information from your phone’s normal camera, on any other phone, if they wanted to.
Developers can of course integrate Face ID into their own apps, as they have with the fingerprint. That means, for instance, that a bank can use it to make sure that only you can open your internet banking app.
But Apple doesn’t let them actually see the biometric information used to do that. Instead, the developer just asks Apple whether or not the right person is holding the phone; the phone asks the Secure Enclave, which scans your face to check and sends back a yes or a no. All the app and its developer get to see is the answer to that yes or no question, not how it was calculated or the image of your face that was used.
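For developers, that yes-or-no exchange looks roughly like the sketch below, written against Apple's LocalAuthentication framework. It is an added example, not code from Apple or from this article; the names `UnlockOutcome` and `requestOwnerCheck` and the reason string are made up for illustration.

```swift
import Foundation
import LocalAuthentication

// Hypothetical type: everything the app learns from a biometric check.
// There is no case that carries an image, a depth map or a face template.
enum UnlockOutcome {
    case allowed                  // the enrolled owner was recognised
    case denied(LAError.Code)     // no match, cancelled, locked out, ...
    case unavailable(String)      // no biometric hardware or nothing enrolled
}

// Hypothetical helper wrapping the framework's two real calls.
func requestOwnerCheck(reason: String,
                       completion: @escaping (UnlockOutcome) -> Void) {
    let context = LAContext()
    var policyError: NSError?

    // Step 1: ask the system whether a biometric check is possible at all.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &policyError) else {
        completion(.unavailable(policyError?.localizedDescription
                                ?? "biometrics unavailable"))
        return
    }

    // Step 2: the system shows its own prompt and performs the match.
    // The reply closure receives only a Bool and an optional error.
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, error in
        DispatchQueue.main.async {
            if success {
                completion(.allowed)
            } else if let laError = error as? LAError {
                completion(.denied(laError.code))
            } else {
                completion(.denied(.authenticationFailed))
            }
        }
    }
}

// Constructed usage: a banking app gating its account screen.
requestOwnerCheck(reason: "Unlock your accounts") { outcome in
    switch outcome {
    case .allowed:              print("show accounts")
    case .denied(let code):     print("stay locked, error code \(code.rawValue)")
    case .unavailable(let why): print("fall back to app password: \(why)")
    }
}
```

An app that calls this on a Face ID phone also has to declare an `NSFaceIDUsageDescription` string in its Info.plist, which is the text the system shows when asking the user for permission.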
What if I'm not convinced?
You don't have to use Face ID. Indeed, there are several ways to avoid it.
The iPhone X – like Apple's other phones before it – lets you skip out the biometric authentication entirely. You can instead just turn passcode lock on, which will make the process of unlocking a lot slower but allay any fears about having your face scanned.
In very sensitive situations, you might want to do that anyway to stop people forcing you to unlock your phone. Indeed, Apple has a special security setting that allows that to be turned on from your pocket – a feature that's useful if you're worried about your phone falling into the wrong hands.
But perhaps the easiest thing, if all this puts you off, is just to buy the iPhone 8 instead. That phone still has Apple's old Touch ID sensor, and includes almost all of the major features of the iPhone X, meaning that you can just wait a while and see how everyone else gets on with facial recognition for now.