Home United States USA — IT Is Face ID secure? Apple takes on lingering questions

Is Face ID secure? Apple takes on lingering questions

303
0
SHARE

The company issues a report on the security of its new facial recognition tech that responds to some concerns but also leaves a few questions unanswered.
Just how secure is Apple’s new Face ID?
Apple has released a technical white paper that offers a breakdown on the security behind Face ID, its new facial recognition tech.
For now, the iPhone X will be Apple’s only device using Face ID, but it’s already raised concerns on multiple fronts. On Sept. 14,Democratic Sen. Al Franken of Minnesota wrote a letter to Apple CEO Tim Cook with several questions, like how the data was stored, and if a third-party app could access Face ID. There had also been concerns with how the biometric will apply in the courts and with police.
Apple’s white paper on Wednesday answered questions on Face ID’s security, like how much of your face’s image it actually stores, how long it saves it for, what apps can use Face ID, and a few other ones.
The white paper did not directly comment on how robust Face ID’s privacy is when it comes to law enforcement. Here’s what Apple did answer in its document:
Not much, unless you count a mathematical equation and infrared dot plots as your image.
Face ID doesn’t capture your entire image, Apple said in its paper. It takes on the infrared images, which is represented by 30,000 dots, and creates an map of what your face would look like. It also keeps the « mathematical representation » of your face, rather than the image itself.
The background of your unlocking selfie also isn’t stored. The enrollment image — the first picture you take so Face ID can recognize you — is cropped to your face only. Every time you unlock your phone using Face ID, the images are « immediately discarded once the mathematical representation is calculated » and compared to the enrolled data.
The data is stored on the device’s Secure Enclave chip, and only available there. It’s encrypted, and the data « never leaves the device, » according to Apple. Even Apple doesn’t receive the data, and it’s not stored when your phone backs up, either.
« Face ID data doesn’t leave your device, and is never backed up to iCloud or anywhere else, » Apple writes.
It’s the same as how Touch ID data, Apple’s fingerprint reader, is stored. Because it’s stored on your device and not on a server or a cloud, someone would have to have physical access to the device to be able to steal the data. And even that would be difficult, considering that the Face ID data is encrypted.
The only time your Face ID data would be sent anywhere is if you agree to transfer it for AppleCare, and that would only be diagnostics data. People will be allowed to review and approve what data gets sent, including your face’s image. It automatically is deleted after 90 days.
Yes. Third-party apps will be able to use Face ID for authentication. Any apps that you’ve used that allow for Touch ID to do that will automatically be able to support Face ID without any changes, Apple said.
But that doesn’t mean that they are getting your face’s data. Face ID only tells the third-party apps whether or not the authentication went through — it doesn’t send your face’s data with it.
Think using Face ID to approve purchases from iTunes or the App Store. You’ll be able to do that with any app where developers allow for Face ID.
Apple said it used more than a billion pictures to train Face ID to recognize people. Sen. Franken asked where they got those billion images, which Apple did not answer. The company said they worked with a diverse group of people to account for different genders, ages, ethnicities and « other factors. »
No. Face ID requires a password to be enabled. Apple said Face ID should actually make having a « longer, more complex passcode far more practical, » since you won’t need to enter it as often.
« Face ID doesn’t replace your passcode, but provides easy access to iPhone X within thoughtful boundaries and time constraints, » Apple writes. Also, there’s a few circumstances where you will need to enter your password to get in the phone:
When it’s just been turned on
When it hasn’t been unlocked for more than 48 hours
When it received a remote lock command
Five unsuccessful attempts to unlock using Face ID
When Emergency SOS is activated (holding the volume and side buttons for two seconds)

Continue reading...