FaceApp is the most popular free app on Google Play and Apple’s App Store thanks to an age filter that makes people in photos look much older. But while countless photos of aged celebrities and casual FaceApp users have been shared online in the past week, there are mounting concerns with how FaceApp handles user data.
FaceApp first became popular in 2017; the app uses artificial intelligence to alter people’s faces using a variety of filters. Photos added to FaceApp are uploaded to a server for processing before being sent back to the user.
FaceApp’s terms of service gives the company license to use photos and other information uploaded by users for commercial purposes, including their name, likeness, and voice. The terms of service also state that FaceApp may continue to store user data after its deleted from the app. The company says the data could be retained to comply with “certain legal obligations,” but there is no limitation on how long the data can be kept
FaceApp did not immediately respond to a request for comment.
FaceApp provided TechCrunch with an itemized statement to clarify its policy amid the privacy concerns. Though the terms of service suggest that data can still be transferred to the Russian development team, the company claims that user data remains on the server-side. FaceApp says that photos stored on the server are kept to make the editing process more efficient for its users, and the photos are usually deleted within two days.
The company said they also accept user requests to remove all personal data from their servers. However, the FaceApp claims the support team is currently backlogged with those requests as a priority. FaceApp also said that 99% of users choose not to log in, so they don’t have much in the way of identifying information.
Last year former special counsel Robert Mueller’s office charged more than a dozen Russian citizenswith crimes related to a vast social media campaign meant to impact the 2016 presidential election. The St. Petersburg-based Internet Research Agency (IRA) used false identities on Facebook, Twitter, and other social media platforms to spread fake news and propaganda.
While the actions of some bad actors in Russia should not condemn every Russian-based company, some FaceApp users and critics are reasonably concerned that their names and photos uploaded to FaceApp could end up being misused or leaked to the wrong company. FaceApp’s statement said they won’t sell data to third-party companies and data is not being transferred to Russia.
There are some additional security concerns with the iOS version of FaceApp due to the way iPhones handle photo security. While users can block FaceApp and other apps from viewing their full photo library, through the iPhone’s settings, Techcrunch noted a loophole in iOS 11 that gives apps permission to access one photo at a time if the user grants permission.
So far security experts have not detected any unusual practices with the current version of FaceApp, but as with all apps, users should be mindful of their lack of control when sharing photos and other personal data.
Source Scooper, BI