Russian company's FaceApp raises privacy concerns: Here's how to protect yourself and lessons learned

ByKris Reyes WPVI logo
Friday, July 19, 2019
FaceApp raises privacy concerns: Here's how to protect yourself
Privacy watchdogs and security analysts have been ringing the alarm bells around FaceApp, which lets you transform into an older, younger or more glam version of yourself.

SAN FRANCISCO -- Think of your app privacy on a spectrum-- on the most private end, you're looking at promises of end-to-end encryption, multi-factor authentication, content that self-deletes.

Closer to the middle is when you have many privacy options but you have to turn them on yourself. Or you hand over your data to an app, but the app promises never to sell it.

RELATED: What to know about FaceApp after aging filter goes viral, raising privacy concerns

And then the least private asks you to hand off the rights to your content and data with no explanation about how they're going to use it.

The problem, according to Will Strafach, CEO at Guardian APP, is that most people don't exactly know what level of privacy they're getting

"It's getting more and more frequent for apps to overstep their bounds, unfortunately. If you grant access to permission for a very specific purpose, they'll sometimes use it for other things and you have no idea it's happening, it's getting worse and worse, unfortunately," he said.

Strafach's app provides a firewall for the iPhone, allowing users to block or track third party apps from accessing their data.

Strafach and other privacy watchdogs have been sounding off on this issue after FaceApp went viral again with people sharing their photos filtered to look old or young or glamorous, using the app's AI technology. One tally, based on the App Store and Google Play sales, approximate that the app now has full access to the images of 150 million people worldwide.

FaceApp's Terms of Use and Privacy Guidelines states :

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your username, location or profile photo) will be visible to the public.

RELATED: Protect yourself: Every internet user should know these basic online privacy tips

FaceApp issued this statement to address concerns:

We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:

1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.

2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn't upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.

3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using "Settings->Support->Report a bug" with the word "privacy" in the subject line. We are working on the better UI for that.

4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don't log in; therefore, we don't have access to any data that could identify a person.

5. We don't sell or share any user data with any third parties.

6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.

Additionally, we'd like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don't do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.

We asked Strafach to give us his list of red flags when downloading an app :

KNOW THE DEVELOPER

Most people don't do this but it's easy enough to look up the developer of the app you download. When you buy an app, It's clearly written at the end of the description, right before ratings and reviews.

BE MINDFUL OF HOW OFTEN THE LOCATION ICON COMES UP

Apps that rely heavily on location often track where you are at all times, running in the background unless you turn it off.

SCAN USER AGREEMENTS FOR WORDS LIKE "ANALYTICS" OR WATCH FOR WHEN "SEE PRIVACY GUIDELINES" POPS UP.

Strafach says these are red flags that the app siphons user data for other purposes, including selling it to third parties. Strafach says most people don't read privacy and user guidelines, and some apps take advantage of this fact by making it hard or inconvenient to access the guidelines.

"Download any apps but be on the lookout, look for strange behavior and just don't be afraid to ask someone," says Strafach. He's hopeful that while there are many apps that are overstepping their boundaries, more people are also asking questions and learning about how to protect their privacy. He recommends that people check the privacy setting on their phones at least once a week to keep tabs on the apps that are accessing their content.

Copyright © 2024 WPVI-TV. All Rights Reserved.