Viral FaceApp Draws Concerns From Users About Data Privacy -- Security Today

Viral FaceApp Draws Concerns From Users About Data Privacy

The app, which is based out of Russia, was popular for its ability to make users look older. But critics say there’s a catch.

By Haley Samsel
Jul 19, 2019

An app that uses artificial intelligence to make users look older, younger or a different gender went viral over the past week, with everyone from Kevin Hart to K-pop stars BTS posting selfies of their aged faces.

But almost as quickly as the trend caught on, the reality of privacy concerns caught up with people who downloaded FaceApp, an application with over 80 million active users that was created by a Russia-based startup in early 2017.

Among the concerns pointed out by cybersecurity experts, journalists, lawmakers and app users alike: There was not much known about whether FaceApp uploads users’ photos to the cloud or if they had access to all photos on an individual phone even if the user had not granted access to their photo library.

The photo library issue is actually allowed in Apple’s operating system, as iOS allows users to select specific photos to upload to apps even if they did not give permission to access the entire library, TechCrunch reported.

However, the answer to the cloud issue is not as simple. FaceApp told TechCrunch and other media outlets that most of the processing that powers its transformations of people’s faces is done in the cloud.

In its statement, the company said it only uploads photos selected by the user for editing.

“We might store an uploaded photo in the cloud,” FaceApp said. “The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation.”

The startup added that “most images” are deleted from their servers within 48 hours of the upload and that they accept requests from users who desire to have all of their data deleted from their servers. It said the company’s support team is “currently overloaded” with these requests.

In addition, FaceApp responded to concerns about the company’s location in Russia and the potential for the Russian government to access users’ facial data. Although the company’s core research and development team is located in Russia, the user data is not transferred to Russia, according to FaceApp.

“We don’t sell or share any user data with any third parties,” the statement said.

The assurances did little to quiet concerns among lawmakers and users. Sen. Chuck Schumer (D-NY), the senate minority leader, sent a letter to the Federal Bureau of Investigation and Federal Trade Commission Wednesday asking for the agencies to investigate the app’s claims about its protections of user data.

Schumer pointed out that the terms and conditions that users agree to when they use FaceApp allow the company to use or publish content shared with the application, including a username or real name, without notifying or paying users.

“I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it,” Schumer wrote.

Schumer also focused on FaceApp’s location in Russia and how the company “provides access” to the data of American citizens to third parties or foreign governments.

“It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States,” Schumer wrote.

He added: “In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign nations.”

It remains to be seen how the privacy concerns will affect FaceApp’s popularity, but tech experts advise users to think more carefully about what apps they download and what information they share.

“I completely understand that it's nearly impossible to protect your data around the web,” tech journalist Charlie Warzel wrote on Twitter. “But downloading/not downloading apps is a really concrete way to protect your privacy. It's a rare situation where the user is in control.”

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West
Live From ISC West 2024: Post-Show Recap

ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now
- Industry Events
- ISC West
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

Hanwha QNO-7012R

The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3
EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

Viral FaceApp Draws Concerns From Users About Data Privacy

ISC West 2024 Welcomed More Than 29,000 Attendees

Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution

Allegion US Features Interoperability, Mobile Credentials and More at ISC West

Altronix Showcases Products to Protect Critical Infrastructure at ISC West

Axis Communications Launches Axis Cloud Connect at ISC West 2024

Genetec Security Center SaaS Supports Direct-to-Cloud Workflows With Axis, Bosch, Hanwha, and i-PRO Devices

ASSA ABLOY Introduces Centrios, a New Access Control Brand for Small Businesses