Apple explains the ins, outs and privacy of Face ID
Apple's Face ID is a make-or-break feature for the upcoming iPhone X. It completely replaces Touch ID and should be more accurate and tougher to crack, but up until now we did not know the details of how Face ID works.
Today, Apple has published a six-page whitepaper that explains the ins and outs of Face ID. The tech paper is published on Apple's new privacy and security portal, and the first thing it does is confirm that your face data is only stored on the device and not in the cloud. The Face ID system will read your face and save a partial data for your face that even if somehow extracted from the iPhone X, will not be sufficient for a full face reconstruction of that person.
But what is more curious is the way Face ID stays relevant over time and updates its face models.
To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation — if its quality is sufficient — for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.
And as to all of those concerns that Face ID might be used by others to unlock your phone against your will? Well, the paper says you need to open your eyes and look directly in the phone, but Face ID is so quick that even a glance might be sufficient, so there really are no guarantees. As a safety measure, you can click the side buttons to put the phone in shutdown mode, which disables Face ID.
And this is important also when you use Apple Pay. You will not send a payment by simply looking at your phone, but you will also need to double click the power key before you use the phone at a terminal.
You can read the full paper with all the details right below.
source: Apple Face ID White Paper (PDF)
Things that are NOT allowed: