Paul Hudson covers the key changes in Apple‘s App Review guidelines, including these two standouts:
- Apps that use facial recognition for account authentication “must use LocalAuthentication (and not ARKit or other facial recognition technology)”, including a requirement for providing an alternate authentication method for users under 13 years old.
- In terms of privacy, Apple is making it clear that you may not attempt to identify other people or guess their user profiles based on ARKit’s facial mapping tools, explicitly banning data mining on ARKit facial data.
Apple is rarely the first to use a technology, but they’re frequently the first to do something right. Facial recognition has been around for a long time but it has a) sucked, and b) been extremely invasive. I don’t know how good Apple’s implementation is yet — though everything I’ve heard through both public and private channels indicates that it’s even better in real-world use than the onstage demos showed — but they are the first consumer technology company that seems to recognize the serious implications of facial recognition data. It isn’t fair to say that no company could be as sensitive to user privacy; it’s just that no other company is being as sensitive to user privacy.