Sreenshot of a FaceApp edit

What is FaceApp?

FaceApp a state of the art photo-editor powered by AI, but also an app that has over 80 million active users. FaceApp is a free app that can be downloaded to your device from the AppStore or Google Play. Currently there are 21 fun&free filters in the basic version. The Pro version includes 28 filters that can change your style completely with just one tap.  This app got into the trend quite recently and it’s popular already.

FaceApp, which was launched by Russian publisher Wireless Lab in 2017, uses artificial intelligence to modify users’ photos, changing their hair colour, adding wrinkles or subtracting years from their faces.

It is currently the most downloaded free application on Google Play, with more than 100 million users, after its new aging filter attracted interest from celebrities and the general public.

This post is not only centered on what the detail of the FaceApp is but it is centered on the recently raised alarms on the breach of security related to this App.

Sen. Chuck Schumer (D-NY) has asked the FBI and the FTC to look into the app’s data handling practices.

“I write today to express my concerns regarding FaceApp,” he writes in a letter sent to FBI Director Christopher Wray and FTC Chairman Joseph Simons. Below is an excerp of his main concerns;

In order to operate the application, users must provide the company full and irrevocable access to their personal photos and data. According to its privacy policy, users grant FaceApp license to use or publish content shared with the application, including their username or even their real name, without notifying them or providing compensation.
Furthermore, it is unclear how long FaceApp retains a user’s data or how a user may ensure their data is deleted after usage. These forms of “dark patterns,” which manifest in opaque disclosures and broader user authorizations, can be misleading to consumers and may even constitute a deceptive trade practices. Thus, I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it.
In particular, FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments.

There’s been a surge in popularity over the last week, but it was also noticed that the app seemed to be able to access your photos whether you said it could or not. It turns out that this is actually a normal capability of iOS, but it was being deployed here in somewhat of a sneaky manner and not as intended. And arguably it was a mistake on Apple’s part to let this method of selecting a single photo go against the “never” preference for photo access that a user had set.

Fortunately the senator’s team is not worried about this or even the unfounded (we checked) concerns that FaceApp was secretly sending your data off in the background. It isn’t. But it very much does send your data to Russia when you tell it to give you an old face, or a hipster face, or whatever. Because the computers that do the actual photo manipulation are located there — these filters are being applied in the cloud, not directly on your phone.

His concerns are over the lack of transparency that user data is being sent out to servers who knows where, to be kept for who knows how long and sold to who knows whom. Fortunately the obliging FaceApp managed to answer most of these questions before the Senator’s letter was ever posted.

The answers to his questions, should we choose to believe them, are that user data is not in fact sent to Russia, the company doesn’t track users and usually can’t, doesn’t sell data to third parties, and deletes “most” photos within 48 hours.

Although the “dark patterns” of which the senator speaks are indeed an issue, and although it would have been much better if FaceApp had said up front what it does with your data, this is hardly an attempt by a Russian adversary to build up a database of U.S. citizens.

While it is good to see Congress engaging with digital privacy, asking the FBI and FTC to look into a single app seems unproductive when that app is not doing much that a hundred others, American and otherwise, have been doing for years. Cloud-based processing and storage of user data is commonplace — though usually disclosed a little better.

Certainly as Sen. Schumer suggests, the FTC should make sure that “there are adequate safeguards in place to protect the privacy of Americans…and if not, that the public be made aware of the risks associated with the use of this application or others similar to it.”

Don’t forget to give this post a like and you can leave a comment related to your views on this post. Thank You!

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here