The Face of Enterprise Security

Facial recognition is starting to grow as a technology on consumer devices; what does that mean for your enterprise security?

Its the time of year when Apple pops out a new iPhone to extract any money that may be lying around a consumers wallet. The newest one (do we call it iPhone Ecks or ten or what?) has some interesting technology in it called FaceID.
As we know now, its a biometric system, similar to the fingerprint-using TouchID, that can recognize a users face and authenticate them. When Touch ID first appeared, many were concerned that the biometric data of a user would be spread around the Apple ecosystem. It took some major explaining by Apple of how things worked -- the actual data never left the phone and third parties only saw a yes/no that the phone generated -- to calm those fears down.
There has been no similar uprising about the FaceID technology, since Apple has been assumed to be doing the same thing as it did with Touch ID to preserve user anonymity. They even explicitly said that to privacy advocates in September. That may be true on a technical basis, but some interesting things are now coming out on how Apple will share FaceID with developers.
Reuters has reported
that, based on a contract they had seen, developers will be able to get facial information from the new iPhone. While the developers have to agree to seek customer permission for this as well as agree not to sell the data to a third party, the resultant data may end up on the developers servers.
Apple thinks it can enforce this approach by threatening to pull any non-compliant apps from its App Store, and pre-screen apps before allowing them on the store. Privacy advocates are not so convinced of Apples ability to police this. There are only spot checks of source code performed by Apple, and they have never pulled an app from the Store because of poor information-sharing practices.
Even if an app was pulled, might a developer think that they could end up making more after the pull by selling the now unencumbered facial data that they have to some marketer?
If an employee is willing to share facial data (expressions for example) with some app, should the employer be concerned? It must depend on the context of that use.
Using FaceID to make a character in a game smile wont directly affect an employees job performance. But twitching their cheek to effect spreadsheet cell selection might.
Apple is no doubt trying to make FaceID desirable to consumers by allowing developers to use it for their apps. However, this illustrates how the best intentions can go awry. An organization is faced with a different kind of shadow IT going on here. They and the user rely on one company to enforce the app-only, no-marketing doctrine without assurances that it will be effective. Besides unlocking a phone, the technology allows for a users face to be continually monitored. Most users -- and their employers -- may not even considered that as a possibility. Its already here.
Related posts:
iPhones Facial Recognition Shows Cracks
FaceID Faces Security Headwind
Three Reasons Facial Recognition Will Win
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
The Face of Enterprise Security