FaceApp may be privacy risk
Terms of service offer access to personal data
Experts wary of popular app based in Russia.
“Users should always be cautious when permitting an app access to their personal information, be it social media profiles, photos or contacts.” Jason Hill, CyberInt Technologies
Seems like nearly everyone on Twitter is accepting the #FaceAppChallenge by posting photos of themselves having aged. They are using FaceApp, a downloadable program available on Apple’s App store and the Google Play store, which lets you apply filters to your photos to transform your appearance – to make you look younger or older, have a different look, or even more masculine or feminine. Those can be shared online and on Twitter, Facebook and other social media sites. FaceApp, which uses artificial intelligence to create “neural face transformations,” first gained prominence in spring 2017. But a new wave of interest has made FaceApp the top free app in both the Apple and Google app stores, according to measurement site App Annie. Some privacy and security experts have expressed concerns that users granting the Russian-based FaceApp access to photos on their smartphones is a grand giveaway of privacy and personal information.
What does FaceApp say it may do with your photos?
Users must grant access to their photos to use the app, but FaceApp’s Terms of Service and Privacy notifications don’t explain how deep its access may go.
However, in the company’s Terms of Service, it says users grant FaceApp “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fullypaid, transferable, sub-licensable license to use, reproduce ... create derivative works from ... and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”
James Whatley of digital marketing firm Digitas noted on Twitter that FaceApp’s “terms of service page is a DOOZY.”
Silicon Valley lawyer Elizabeth Potts Weinstein reiterated the concern that using FaceApp gives the company “a license to use your photos, your name ... and your likeness for any purpose including commercial purposes.”
Should I be concerned?
Yes, say privacy experts, since it is uncertain what else FaceApp can access and how it might be used. Access to other information the app gets could be used for marketing purposes, too, as its privacy notifications says that “may help us or others provide reports or personalized content and ads.”
Most users don’t read these notices, says Jason Hill, lead cybersecurity researcher at CyberInt Technologies, a Tel Aviv, Israel-headquartered firm.
“Users should always be cautious when permitting an app access to their personal information, be it social media profiles, photos or contacts,” he said. “Furthermore, individuals should consider that they may not only be exposing themselves to an app provider as, when permitting access to a social media profile and it’s photos, may inadvertently permit access to images containing others.”
While there “is no immediate evidence to suggest that FaceApp is performing any nefarious task,” Hill said, “as in any case when an app or service is requesting personal information or access to profiles, users should be cautious of oversharing.”
Various pieces of your digital profile – acquired through various apps and social networks – could be compiled. “For example, collating photos associated with a user could, where present, allow image metadata, such as the location that a picture was taken, to be mapped and correlated with access logs, gathered when the user accesses the service, that will associate details of their IP address, ISP and the device (including browser, operating system and hardware).” Hill said.
What about other apps?
Popular video app TikTok is another app to be concerned about. David Carroll, a professor of media design at The New School in Manhattan, has said since FaceApp is based in Russia and popular video app TikTok is based in China, it’s “safe to assume those governments can readily access your data.”
Tech firms based outside the U.S. are “subject to different standards or governance for data handling,” CyberInt’s Hill said. “Whilst many individuals may not be concerned by this, users working in government, military or sensitive roles may want to consider the ramifications of potentially exposing their personal data to foreign entities.”