Should You Be Worried About FaceApp's Privacy Policy?

July 17, 2019 - 11:36 am
Categories: 

(WBBM NEWSRADIO) -- If you went on social media on Wednesday morning, you probably saw people posting pictures of themselves aged, generated through a filter on the viral selfie app, FaceApp.

And although it is viral, and rather comical to see how one might age, you may want to think twice before using FaceApp.

FaceApp first went viral in 2017, gaining millions of users. The app recently gained popularity again after #faceappchallenge posts took over social media and celebrities, along with everyone else, began posting photos using the app's old-age filter. 

Strong ass old man face and upper body --------

A post shared by Kevin Hart (@kevinhart4real) on

And with the rise in popularity came questions about the app's privacy and whether or not FaceApp is doing enough to protect its users' data. 

A developer sent out a tweet warning that the app could be taking all the photos from your phone and uploading them to its servers without the user's permission. 

According to Mashable, there are also people pointing out the fact that the app requires a data connection and some are saying the app has Russian origins.

While there's no evidence, yet, to support these claims, it's fair to be concerned after other sites and apps have had privacy issues. For example, NBC reported earlier this year that Ever, a photo storage app, was using its users' photos to train facial recognition software it then sold to law enforcement. IBM was also found to be using Flickr photos to train facial recognition applications without permission from those in the photos. And last year, PopSugar's "twinning" app inadvertently leaked data.

The Year 3000, OLD Town Road, Champagne GrandPapi & more. -- See more artists using the old-age filter at the link in bio. #faceappchallenge

A post shared by Billboard (@billboard) on

But according to Forbes, a security researcher who goes by the pseudonym Elliot Alderson downloaded the app and checked where it was sending users' faces. The French cyber expert found FaceApp only took submitted photos - those that you want the software to transform - back up to a company server, not all your photos.

He also found the server is based in America, not Russia. But, given the developer company is based in St. Petersburg, the faces will be viewed and processed in Russia. It's unclear how much access FaceApp employees have to those images and Forbes hadn't received comment from the company about just what it does with uploaded faces.

Privacy Policy

Although there is no evidence to support privacy concerns, FaceApp's privacy policy doesn't exactly offer many assurances.

The FaceApp's privacy policy states it also collects location data and users' browsing history. 

"These tools collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service," the policy states.

And though it states that "we will not rent or sell your information to third parties outside FaceApp," it explicitly said that it does share information with "third-party advertising partners," in order to deliver targeted ads. 

Forbes suggests users who are concerned about the app having permission to access any photos at all might want to look at all the tools they have on their smartphone. It's likely many have access to photos and an awful lot more. Your every move via location tracking, for instance. To change permissions, either delete the app, or go to app settings on your iPhone or Android and change what data tools are allowed to access.

Forbes contacted FaceApp founder Yaroslav Goncahrov, who provided a statement Wednesday. He said that user data is not transferred to Russia and that "most of the photo processing in the cloud."

"We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud," Goncharov added.

"We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn't upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date."

He said that users can also request that all user data be deleted. And users can do this by going to settings, then support and opt to report a bug, using the word "privacy" in the subject line message. Goncahrov said this should help speed up the process.

And he added: "We don't sell or share any user data with any third parties."