A mobile app called FaceApp has been in the news as of late, with selfie-loving celebrities such as Drake, the Jonas Brothers and LeBron James posting photos created with the app.

What is FaceApp? 

In case you haven’t heard of it (I hadn’t until recently) FaceApp, which was released in 2017, is a cloud-based app that uses artificial intelligence to “age” photos that users upload through the app. FaceApp also allows users to “de-age” photos, alter hairstyle or color, add facial hair, and change gender. Soon after its launch developers were forced to remove a feature that allowed users to change their ethnicity. 

(The author’s before and after photo’s using the app)

So far this sounds harmless right? After all, Facebook, Snapchat and other apps have been applying filters to photos for years. The concern with FaceApp however is that its developers are based in Russia. And according to news reports, in order to install the app, users agree to terms of service that grants the company, Wireless Lab,  

“…a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.” 

Basically, this is legalese to say that any photos that users upload through their app can be used in any way, on any platform, and with any name (including the user’s) attributed to the photo, publicly in any way the company sees fit. Granting any company that type of rights to user data is frightening, let alone a company from Russia. 

The app is available on Apple’s iTunes App Store and Google’s Play Store, having been labeled an “Editor’s Choice”. They both provide links to the app’s privacy policy which of course they know nobody reads.  

Author’s Note: This is reminiscent of a South Park episode (Season 15 Episode 1) called “HUMANCENTiPAD” where Kyle, after agreeing to iTune’s Terms and Conditions, is forced to participate in a bizarre (and disgusting) experiment merging humans and iPads.

What happens to my data? 

The company’s CEO Yaroslav Goncharov has answered questions about how the company handles users’ data. FaceApp users interact primarily with US-based servers but all photo manipulation is performed in the cloud using Russia-based servers. According to Goncharov, the app will “only upload a photo selected by a user for

editing.” The rest of the photos within the user’s camera roll stay on their phone. FaceApp can also be used without giving it a name or email, which Goncharov says most users do. 

While the app’s terms of service grant a perpetual license, the company deletes “most of the photos” within 48 hours, according to Goncharov. Also, though the terms give the company – and whoever might buy it or work with it in the future – legal rights to do whatever they want with the data, he reassures users that the Russian government will not be using the data for facial recognition. 

Of course, Goncharov also states that the company doesn’t “sell or share any user data with any third parties,” but a Washington Post technology columnist found that the app was sharing information with Facebook and Google AdMob. He was also surprised at the volume of data that was being uploaded to the app’s own US-based servers. 

The Democratic National Committee recently encouraged those involved in upcoming elections to “delete the app immediately.” Of course, deleting the app will not prevent the use of data that the developers have already acquired. Goncharov explained that users may request that the company delete all their data from servers by submitting a request through the app. He said that they are receiving a high volume of these requests but are making it a priority to process them as quickly as possible. 

What should I do? 

This is the big question. There is no question the app is fun. Judging from some of the photos being posted by some of my friends, not to mention celebrities, the app does an impressive job creating very realistic, believable photos. 

If we choose to believe the CEO of the company that developed the app, there shouldn’t be any worries. FaceApp is not the first app with terms of service with wide-reaching permissions. For example, the Microsoft Outlook mobile app for Android required users to allow the app to do such things as “access info anytime,” “remotely control some security features of your Android device,” and “erase all data.” This sounds much more severe than it is. It essentially meant if the phone is used in a corporate environment, that the company had the ability to wipe the app’s data should the phone be lost, stolen or compromised. 

Also, it should be mentioned that FaceApp’s terms of service names the state or federal courts in Santa Clara County, California, in the heart of Silicon Valley, as the jurisdiction for the settlement of any legal disputes. 

I’m guessing that if we can’t trust the CEO’s assurances, and the Russian government IS in cahoots with FaceApp, your data is probably not that interesting unless you are a government official, have high-security clearances, or hold a high-profile position. 

Bottom line…if it makes you uncomfortable, have fun with some pictures but share them with friends offline or through text message or email rather than through social media. If it makes you really uncomfortable, request the app remove your data and uninstall the app. 

Sometimes when it comes to data security you have to choose your battles. If you allow yourself to get fired up about all the ways your data is being used without your permission, you may find yourself living in an underground bunker somewhere in Nevada.  

Where’s the fun in that? 

Author: Todd Williams, IT Help Desk Supervisor 

References: 

Denham, H. and Harwell, D. (2019, July 17). “FaceApp went viral with age-defying photos. Now Democratic leaders are warning campaigns to delete the Russian-created app ‘immediately’.” The Washington Post. Retrieved from www.washingtonpost.com/technology/2019/07/17/faceapp-adds-decades-your-age-fun-popular-russian-owned-app-raises-privacy-concerns/?utm_term=.15b822c8dda0 

Fowler, G. A. (2019, July 17). “You downloaded FaceApp. Here’s what you’ve just done to your privacy.” The Washington Post. Retrieved from www.washingtonpost.com/technology/2019/07/17/you-downloaded-faceapp-heres-what-youve-just-done-your-privacy/?utm_term=.44cb3c986486 

Powers, B. (2019, July 17). “FaceApp: Privacy Concerns, Features for the Viral App That Ages Your Face.” Retrieved from http://www.inverse.com/article/57785-faceapp-download-privacy. 

US Senator Calls for Investigation into Russia-made FaceApp. (n.d.). Retrieved from https://www.securityweek.com/us-senator-calls-investigation-russia-made-faceapp