Privacy concerns are being raised over FaceApp, the highly-popular tool that uses artificial intelligence to apply filters to photos.
The app recently went viral through the “FaceApp Challenge.” Celebrities and internet users alike are using the app’s old-age filter to make themselves appear significantly older. FaceApp has repeatedly made headlines over the last two years by stirring up controversy regarding filters that changed people’s race, skin color, and gender.
The company’s latest problem, however, stems from issues related to user privacy.
For starters, FaceApp is a Russia-based company with its headquarters in St. Petersburg. That information alone has raised eyebrows given Russia’s heavy-handed approach to dealing with Russian-based tech companies–many of which are required to hand over user data.
Analysis of the app’s network traffic by a French security researcher, known online as Elliot Alderson, found that users’ photos are processed in servers hosted by Amazon in the U.S., not Russia. Still, the Russian company has access to those servers, although it remains unclear how much access FaceApp employees have to photos.
A now-deleted tweet thread from app developer Joshua Nozzi alleged that the company could be downloading users’ entire photo rolls. Alderson debunked that claim and instead found that the company is only gathering photos that users actually want filters applied to.
The press coverage of this #FaceApp story is out of control, let me repeat it:— Elliot Alderson (@fs0c131y) July 17, 2019
No, they are not uploading your photos to their server. They upload only the photo you are working on.
Also, the fact that developers are Russian doesn't prove anything… https://t.co/BQ3IoilqUp
FaceApp released a statement backing up Alderson’s analysis, noting that it only deals with photos selected by users.
“FaceApp performs most of the photo processing in the cloud,” the company wrote. “We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.”
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) — see their Terms: https://t.co/e0sTgzowoN pic.twitter.com/XzYxRdXZ9q— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
Security researchers argue that the terms of service are no different than most other popular photo-based apps like SnapChat.
1. No #faceapp terms arent different from other social apps.— Marc Rogers (@marcwrogers) July 17, 2019
2. Yes now they own irrevocable rights to your likeness.
3. Yes a Russian company now has a db of AI enhanced photos & your personal details.
4. Yes they likely hoovered up other metadata.
5. No you cant have it back.
That doesn’t mean you shouldn’t have any concerns though. When using any app, users should try and be aware of what information they are handing over. Overall, FaceApp doesn’t stand out as being any more concerning than other apps at the moment.
I am not seeing much fishy in FaceApp— Jane Manchun Wong (@wongmjane) July 17, 2019
Photos are uploaded to FaceApp's servers on AWS w/ authorization. Not much info is being sent to FaceApp's servers other than user metrics (e.g. ui interactions)
I just wish there's an option for users to delete their photos from the server
Either way, the conversation brings attention to how most apps operate and the potential privacy implications that come along with them.
For what it’s worth, FaceApp says it doesn’t sell the data it gathers to third parties and that users who want their data removed from the company’s servers can send them a request to do so.
- The FaceApp challenge shows you how gracefully you’ll age
- FaceApp’s race-changing filters under fire for promoting blackface
- FaceApp is ‘deeply sorry’ for its skin-whitening ‘hot’ filter
Got five minutes? We’d love to hear from you. Help shape our journalism and be entered to win an Amazon gift card by filling out our 2019 reader survey.