Apple gets it coming and going, don't they? They are highly criticized due to the hoops government agencies have to jump through to get the little bit of data they keep on users, just to be criticized that they are sharing it with everyone.
This is a moot point on this specific topic. FaceID is stored in Apple's Secure Enclave, which never (can't) leave the device. If it puts some people's minds at ease, the Secure Enclave is its own kernel and essentially works around iOS, so it can't be directly interacted with from any OS, including iOS. It's as de-Appled as it can get and still be inside the iPhone sold that way directly from Apple.
Tracking is clearly a concern for many, which is understandable; however, the fundamental flaw with that logic is that the concern is based on a smartphone telling you it's recording your location and showing you precisely on a map. Basically, the data is presented in a user-friendly manner, making it look 'easy'. However, any cell phone that is turned on (many don't even need a SIM in them) and is in range of a cellular tower can be tracked within a 30 meter diameter, sometimes less. Typically a cellular provider rents space on a cell tower; them knowing the amount of users, specific users, type of device, range and location from tower, etc. is basic data they need to optimize equipment to minimize expense.
However, is this really an issue? The people I know that are truly concerned with privacy at these levels of paranoia will inconvenience themselves and not use devices they don't trust. An employee of a subcontractor I use for work has gone as far as carrying a dumb phone and digital camera (network-based cameras record location, time and date in metadata). It's tough for me to understand why people continue to use the device they feel is threatening their privacy and security... it's almost baffling.
De-appling an iPhone is also robbing Peter to pay Paul to some extent. There are some good reasons to have a company specifically like Apple managing your data.
1. They have well-defined and published privacy statements on how user data is collected, used, sold and shared.
2. Apple is essentially a single entity with the money and personnel with the technical abilities to securely store and maintain your data. While their servers are referenced as "unhackable" (which we know isn't true), it's safe to say they are infinitely better than many alternatives. Point being, not only are iCloud services convenient, but they offer better security and thus better privacy than maintaining your own data at home. Also, being automated, it never lets its guard down like people would inevitably do.
3. Everything that goes to and/or through Apple is encrypted. Using methods that utilize Apple's services is typically more secure and private than alternatives. iMessage vs SMS, for example: you might as well just use a plane with an advertising banner trailing behind it to send a message via SMS.
4. They use advertising identifier numbers in groups to market user data anonymously. So your iPhone uses that identifier to keep your personal data anonymous. To further secure your identifier from being associated to you, you are grouped with a minimum of 5000 other users' identifiers that have similar interests, trends and behavior as you do. That sample is the data that is marketed. You can also go to settings > privacy > advertising > reset advertising identifier to reset it.
5. They will send all the personal user data they have collected and stored on you. Takes a few days, but just go to iCloud.com > Account and scroll to the bottom to request a copy.
With a good deal of confidence we can trust they are doing what they say they are doing because it doesn't make sense/is near impossible not to for a variety of reasons...
1. Too many people to keep a secret. Studies (not the one I'm referring to, but here is a study from Oxford University) have shown that under fear of court martial and treason, which is obviously more severe than any Apple employee would need to deal with, a conspiracy can be maintained for ~5 years by no more than 2500 individuals (co-conspirators). DaVinci Code logic says a secret is safe for 100 years with ~120 individuals instructed to maintain secrecy lol. Eventually someone will talk though, even if it's on their deathbed. Regardless, 5 years puts Apple out of business in 6-7 due to PR nightmares. And 120 people isn't enough for the volume of work required. I didn't even bother to mention the people in other departments that would need to interact with them, like IT guys, finance people, maintenance, etc.
2. Apple secretly selling personal user data outside of their privacy statement guidelines would be like them handing out suitcases stuffed with cash. Even the self-righteous could sell that information to news agencies for hundreds of thousands of dollars and be a hero. The more selfish could ransom the data back to Apple for god knows how much.
3. Apple is publicly traded with very high revenue income, too high of revenue. A higher business revenue means the more each department is bringing in. However, if you have 2 departments and one makes 99% of the company's revenue, then the other department won't be viable unless it's a necessity to support the revenue-generating department, like a warranty department or shipping department. That said, the amount of revenue the user privacy data selling department would need to produce to be viable in Apple's business structure would be too high to conceal from the auditors (independent contractors) required for a publicly traded business. When you generate that much revenue you also need to deal with teams of IRS agents that are using magnifying glasses to find the revenue you are hiding.
I say all that, but I do not consider Apple saints; they are a business, and like all businesses their goal is to move money from your bank to theirs, plain and simple. Apple's commitment to security and privacy isn't to help us, it's to help us feel better and have fewer concerns buying their products. Everything they do, from creating new manufacturing and recycling techniques to using green energy sources to donating to educational and other charities, is implemented to help them with tax breaks, less material cost, public appearance, educational charities to make younger developers, etc. If they do something that legitimately helps you at no/little cost, it's because of a coincidence.
TL;DR: When it comes to security and privacy, the customer's and Apple's goals are currently aligned with each other as reasonably as both parties are willing to compromise. This might not always be the case, but it is right now.