faceapp screen

Viral FaceApp Draws Concerns From Users About Data Privacy

The app, which is based out of Russia, was popular for its ability to make users look older. But critics say there’s a catch.

  • By Haley Samsel
  • Jul 19, 2019

An app that uses artificial intelligence to make users look older, younger or a different gender went viral over the past week, with everyone from Kevin Hart to K-pop stars BTS posting selfies of their aged faces. 

But almost as quickly as the trend caught on, the reality of privacy concerns caught up with people who downloaded FaceApp, an application with over 80 million active users that was created by a Russia-based startup in early 2017.

Among the concerns pointed out by cybersecurity experts, journalists, lawmakers and app users alike: There was not much known about whether FaceApp uploads users’ photos to the cloud or if they had access to all photos on an individual phone even if the user had not granted access to their photo library.

The photo library issue is actually allowed in Apple’s operating system, as iOS allows users to select specific photos to upload to apps even if they did not give permission to access the entire library, TechCrunch reported.

However, the answer to the cloud issue is not as simple. FaceApp told TechCrunch and other media outlets that most of the processing that powers its transformations of people’s faces is done in the cloud.

In its statement, the company said it only uploads photos selected by the user for editing.

“We might store an uploaded photo in the cloud,” FaceApp said. “The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation.”

The startup added that “most images” are deleted from their servers within 48 hours of the upload and that they accept requests from users who desire to have all of their data deleted from their servers. It said the company’s support team is “currently overloaded” with these requests.

In addition, FaceApp responded to concerns about the company’s location in Russia and the potential for the Russian government to access users’ facial data. Although the company’s core research and development team is located in Russia, the user data is not transferred to Russia, according to FaceApp.

“We don’t sell or share any user data with any third parties,” the statement said.

The assurances did little to quiet concerns among lawmakers and users. Sen. Chuck Schumer (D-NY), the senate minority leader, sent a letter to the Federal Bureau of Investigation and Federal Trade Commission Wednesday asking for the agencies to investigate the app’s claims about its protections of user data.

Schumer pointed out that the terms and conditions that users agree to when they use FaceApp allow the company to use or publish content shared with the application, including a username or real name, without notifying or paying users.

“I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it,” Schumer wrote.

Schumer also focused on FaceApp’s location in Russia and how the company “provides access” to the data of American citizens to third parties or foreign governments.

“It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States,” Schumer wrote.

He added: “In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign nations.”

It remains to be seen how the privacy concerns will affect FaceApp’s popularity, but tech experts advise users to think more carefully about what apps they download and what information they share.

“I completely understand that it's nearly impossible to protect your data around the web,” tech journalist Charlie Warzel wrote on Twitter. “But downloading/not downloading apps is a really concrete way to protect your privacy. It's a rare situation where the user is in control.”

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3