Apple has launched a revamped privacy page proclaiming that its products are "designed to protect your privacy." Describing privacy as "a fundamental human right," the page explains the privacy functions of apps, Siri, Apple Pay and Touch ID.
The company describes not only how it protects personal data with encryption, but also how it responds to government and legal requests for data. Apple has additionally published a paper which goes into some detail about how the Face ID feature of the iPhone X works -- and reveals its limitations.
The six-page Face ID Security Guide goes into some detail about how the technology works, and makes it clear that data relating to users' identity is only ever stored on their handset, and is never transmitted to the cloud. Apple reveals how Face ID updates itself, using algorithms to help improve the chances of recognizing you even if your appearance changes slightly:
To improve unlock performance and keep pace with the natural changes of your face and look, Face ID augments its stored mathematical representation over time. Upon successful unlock, Face ID may use the newly calculated mathematical representation -- if its quality is sufficient -- for a finite number of additional unlocks before that data is discarded. Conversely, if Face ID fails to recognize you, but the match quality is higher than a certain threshold and you immediately follow the failure by entering your passcode, Face ID takes another capture and augments its enrolled Face ID data with the newly calculated mathematical representation. This new Face ID data is discarded after a finite number of unlocks and if you stop matching against it. These augmentation processes allow Face ID to keep up with dramatic changes in your facial hair or makeup use, while minimizing false acceptance.
The technical paper also sheds some light on the limitations of Face ID -- particularly that young users and siblings could be problematic:
The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate.