Is FaceApp Really a Privacy Threat?

FaceApp

Should you be afraid of FaceApp, the photo editor out of Russia accused of vacuuming up photos of millions of Americans?

According to security researchers, we all need to calm down. The app isn’t trying to invade your privacy and mass upload all the photos from your phone. “We have found nothing out of the ordinary in this app,” Aviran Hazum, a researcher at the antivirus company Check Point, said in an email.

Hazum is among the experts who’ve analyzed FaceApp and found no major privacy violations in the software’s processes. “I must say that this app seems to be developed in a good fashion—no greedy permissions, and it does what they claim it does,” he added.

So why did the app suddenly raise alarms? FaceApp has actually been around for two years, and comes from a little-known company based in St. Petersburg, Russia, called Wireless Lab. In recent days, the app went viral again with the help of a photo filter that can age your face into an old person. Celebrities including Lebron James, Kevin Hart, and Drake have posted the entertaining results. But not everyone has been amused.

“BE CAREFUL WITH FACEAPP,” tweeted Joshua Nozzi, a software developer, who began warning about the purported privacy violations with the app on Monday. “It immediately uploads your photos without asking, whether you chose one or not.”

His tweet sparked a cascade of media stories about the privacy risks with FaceApp. “Russians now own all your old photos,” reads the headline from The New York Post.

According to reports, the Democratic National Committee—which was hacked by Russians during the 2016 presidential election—warned 2020 candidates and their staff to delete the app. US Senator Chuck Schumer of New York also asked the FBI and FTC to investigate the privacy and national security risks with the app.

The only problem? The app doesn’t automatically break in and collect the photos stored on your phone. “The press coverage of this FaceApp story is out of control,” tweeted Robert Baptiste, another security researcher who also analyzed the product. “No, they are not uploading your photos to their server. They upload only the photo you are working on.”

FaceApp later explained in a statement to Mashable that the product will only upload the photo the user selects for editing to a company server, which then applies the image filter. In other words, this is no different from how other online photo-editing software works.

“We might store an uploaded photo in the cloud,” FaceApp’s CEO Yaroslav Goncharov said in the statement. “The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.

“All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99 percent of users don’t log in; therefore, we don’t have access to any data that could identify a person,” he added.

‘I Was Wrong’

Nozzi has since deleted his original tweets warning about FaceApp. “I was wrong. I was wrong about what I thought the app was doing (uploading all pics once granted access), and I was wrong to have posted the accusation without testing it first. Full stop,” he wrote in a blog post.

Despite his mea culpa, Nozzi believes there are still legitimate concerns with app. He points to how the product neglects to warn users that edited photos will be uploaded to the company’s servers. FaceApp’s terms and conditions also allow it to use your uploaded photos for commercial purposes.

“What I don’t regret in the slightest is having called attention to the privacy concerns surrounding this app,” he wrote in his blog post.

Indeed, we should all be concerned about our digital privacy. But the same worries apply to almost any major tech product or app in the market, including Facebook, Instagram, and Snapchat, which also has a broad policy on how it can use your uploaded content for commercial purposes. Using any of these products often means submitting some personal information and trusting the company not to misuse it. However, it’s clear that even the biggest companies have trouble following their own rules and privacy policies.

The issue has prompted scrutiny into how uploaded photos to social media and mobile apps might be used for purposes users never imagined. This includes training AI-powered facial-recognition software, which privacy advocates fear may one day power surveillance systems.

“Ultimately, you have no say in how your photo is used after you’ve given it to them,” Richard Henderson, head of threat intelligence at the security firm Lastline, said in an email.

FaceApp, however, said it does allow users to remove their data from its servers. “Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings > Support > Report a bug’ with the word ‘privacy’ in the subject line. We are working on the better UI for that,” the company told Mashable.


You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *