faceapp screen

Viral FaceApp Draws Concerns From Users About Data Privacy

The app, which is based out of Russia, was popular for its ability to make users look older. But critics say there’s a catch.

An app that uses artificial intelligence to make users look older, younger or a different gender went viral over the past week, with everyone from Kevin Hart to K-pop stars BTS posting selfies of their aged faces. 

But almost as quickly as the trend caught on, the reality of privacy concerns caught up with people who downloaded FaceApp, an application with over 80 million active users that was created by a Russia-based startup in early 2017.

Among the concerns pointed out by cybersecurity experts, journalists, lawmakers and app users alike: There was not much known about whether FaceApp uploads users’ photos to the cloud or if they had access to all photos on an individual phone even if the user had not granted access to their photo library.

The photo library issue is actually allowed in Apple’s operating system, as iOS allows users to select specific photos to upload to apps even if they did not give permission to access the entire library, TechCrunch reported.

However, the answer to the cloud issue is not as simple. FaceApp told TechCrunch and other media outlets that most of the processing that powers its transformations of people’s faces is done in the cloud.

In its statement, the company said it only uploads photos selected by the user for editing.

“We might store an uploaded photo in the cloud,” FaceApp said. “The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation.”

The startup added that “most images” are deleted from their servers within 48 hours of the upload and that they accept requests from users who desire to have all of their data deleted from their servers. It said the company’s support team is “currently overloaded” with these requests.

In addition, FaceApp responded to concerns about the company’s location in Russia and the potential for the Russian government to access users’ facial data. Although the company’s core research and development team is located in Russia, the user data is not transferred to Russia, according to FaceApp.

“We don’t sell or share any user data with any third parties,” the statement said.

The assurances did little to quiet concerns among lawmakers and users. Sen. Chuck Schumer (D-NY), the senate minority leader, sent a letter to the Federal Bureau of Investigation and Federal Trade Commission Wednesday asking for the agencies to investigate the app’s claims about its protections of user data.

Schumer pointed out that the terms and conditions that users agree to when they use FaceApp allow the company to use or publish content shared with the application, including a username or real name, without notifying or paying users.

“I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it,” Schumer wrote.

Schumer also focused on FaceApp’s location in Russia and how the company “provides access” to the data of American citizens to third parties or foreign governments.

“It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States,” Schumer wrote.

He added: “In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign nations.”

It remains to be seen how the privacy concerns will affect FaceApp’s popularity, but tech experts advise users to think more carefully about what apps they download and what information they share.

“I completely understand that it's nearly impossible to protect your data around the web,” tech journalist Charlie Warzel wrote on Twitter. “But downloading/not downloading apps is a really concrete way to protect your privacy. It's a rare situation where the user is in control.”

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3