‘If you thought apps like Facebook were bad for privacy, FaceApp is far worse’

18 Jul 2019

Image: © Carlos David/Stock.adobe.com

Privacy advocates have alleged that the viral app sensation FaceApp is a targeted effort to harvest personal data on a global scale.

If you’ve noticed everyone on Instagram and other social media platforms looking a lot older all of a sudden, then you would have seen the work of the returning viral app sensation, FaceApp.

This marks the second time the app has exploded in popularity, but now it has better image editing software built in. Once downloaded, the app takes photos from your camera roll and uses facial image editing software to create filters for the subject’s face.

However, serious concerns have been raised both by privacy advocates and high-ranking government officials in the US that the company behind the app – a start-up based in Russia – may be harvesting personal data on a global scale.

For example, one concern was that the company was uploading user images to the cloud without it being made explicitly clear that those photos are not stored locally on the device. The image processing it needs to make people older, a different gender or change their hair colour is all done in the cloud.

If that cloud server is not secure, major privacy breaches could occur given that not everyone’s camera rolls just contain selfies. In many cases, a person taking photos of their banking information for ease of access or for sending to someone else might be intercepted by a malicious party.

‘Staggeringly invasive data collection’

Looking at the app’s user agreement, it says that by gaining access to FaceApp, you are giving the company location data, browsing history and more information being shared with third-party affiliates.

Ray Walsh, a data privacy advocate at ProPrivacy, told Siliconrepublic.com that such apps are often designed to perform “staggeringly invasive data collection”.

“If you thought apps like Facebook were bad for your privacy – and they are – FaceApp is far worse,” he said. “The problem with FaceApp is that once it harvests your photos there is nothing you can do to revoke those permissions. Downloading the app gives the firm ownership over your data forever, and the firm can use that data – including your likeness – however it pleases.”

Responding to questions posed by TechCrunch, FaceApp said it “might” store photos on the cloud for brief periods for the sake of “performance and traffic”. It added that “most images” are deleted from its servers within 48 hours of the upload date and that no data is transferred to its native Russia.

FaceApp denied that it sells or shares data with any other company, and added that it offers users the ability to remove data from its severs through the app. However, in a strange case of UI, it must be done through the ‘report a bug’ submenu with the word ‘privacy’ in the subject line. This, it said, was temporary and the company is working to build a clearer UI.

Colm Gorey was a senior journalist with Silicon Republic