Security and privacy concerns raised as FaceApp popularity explodes

Jul 17 2019, 4:26 pm

It’s gone viral in just the last 24 hours and is currently the #1 app in the App Store, but while it may appear to be all in good fun, serious privacy and security concerns are being raised over FaceApp.

The app itself uses AI to digitally age a person’s face, giving them a potential glimpse of what they may look like as an elderly person.

See also

It was created in 2017 by developers at Wireless Lab in St. Petersburg, Russia, and some experts say that the terms of use around the product essentially equate to surrendering personal and private data, which had Digitas UK’s James Whatley taking to Twitter, where he highlighted the terms and conditions page of the app, calling it a “doozy.”

 

View this post on Instagram

 

A post shared by Fashion 👠| Model 📸| Youtuber🎥 (@_tshwarelo_m) on

 

View this post on Instagram

 

A post shared by Dawid Tomasik (@d_tomasik) on

The app’s terms of use state, among other things, that users “grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform, and display your User Content and any name, username, or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”

 

View this post on Instagram

 

A post shared by Александр Капцов (@seoups_com) on

The conditions add that when someone shares content on the app, they understand that “User Content and any associated information (such as your [username], location, or profile photo) will be visible to the public.”

According to Tech Crunch, language like this means that even users who set their Apple iOS photo permissions to “never,” are not protected against the terms.

In a Daily Mail report, Ariel Hochstadt, a Security Expert from vpnMentor blog and ex-Gmail marketing manager for Google said he’s raised concerns over apps like these in the past.

“Hackers many times are able to record the websites that people visit, and the activities they perform in those websites, but they don’t always know who are those users,” he said. “They also know who this image is, with the huge [database] they created of FB accounts and faces, and the data they have on that person is both private and accurate to the name, city, and other details found on FB.”

FaceApp responds to concerns

In response to these concerns, FaceApp issued a statement saying, among other things, that even though the core R&D team is located in Russia, the user data is not transferred to Russia, and “we don’t sell or share any user data with any third parties.”

As for user images, FaceApp said that “all pictures from the gallery are uploaded to our servers after a user grants access to the photos. We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the Internet.”

FaceApp’s full statement is below:

We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:

1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.

2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.

3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.

4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.

5. We don’t sell or share any user data with any third parties.

6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.