Recently, Apple has been quick to point out that security and privacy for its users is a priority for the company, repeatedly noting that Apple does not rely on serving ads based on user data to make money. Yesterday, Apple announced two new features, Live Photos and 'Hey Siri', that have raised questions about the privacy and security about the features. The company explained its privacy procedures to TechCrunch.
Live Photos are treated like any other photo or video on an iPhone, which means that the Live Photo is encrypted at all times. The only way a Live Photo leaves a device is when a user decides to share it or selects to use iCloud. Live Photos record the 1.5 seconds before and after your picture, though Apple says the camera is restricted in what it can save.
“Although the camera is “recording” while you’re in Live Photo mode, the device will not save the 1.5 seconds before until you press the camera button,” says Apple. “The pre-captured images are not saved to the user’s device nor are they sent off the device.”
This means that the camera is always recording the last 1.5 seconds of footage it sees, though it will continuously delete that footage unless it's "saved" when a user takes a photo. The 1.5 seconds after a photo is taken is also saved when a user takes a photo. Live Photos is turned on by default, but a user can turn it off by clicking the orange Live icon in between the HDR and timer icons.
Hey Siri allows a user to active Apple's personal assistant with their voice, which means that the iPhone has to constantly "listen" for a user's vocal activation. However, Apple tells TechCrunch that nothing a user says is recorded until Hey Siri is activated.
The feature can only be activated in a two-step matching process. First, the iPhone must "hear" the general "Hey Siri" activation phrase. The phone then must match that activation phrase with the personalized way the user says "Hey Siri", which prevents the feature from activating when other people say the phrase. If the phone "hears" "Hey Siri" but it's not a vocal match for its owner, the feature will not activate. This process is done locally on the device, and no audio is sent off of the iPhone.
After "Hey Siri" is activated, the privacy and security protocols in place work similarly to how Siri works now. Audio is sent off to Apple and associated with a device using a random identifier rather than an Apple ID or other personal information. If a user turns off Siri, Apple will delete all the User Data associated with the random identifier.
"Hey Siri" is an optional feature that a user must opt into during iOS 9's setup process. Users, if they choose, can opt to never enable the feature.
The full explanation, including descriptions directly from Apple, can be read at TechCrunch.