Who wouldn’t want a little peek into the future to see how they’ll look when they’re older? That’s what FaceApp does, but there’s a catch – users sign away mountains of data and give the right to use their images under almost any circumstances. Given the questionable ownership of the app, there’s no telling exactly how that data might be (ab)used.
Emily Green
Jul 18, 2019 · 4 min read
FaceApp has been around for a couple of years, but it went viral a few days ago due to its new aging filter. The app uses AI to show how you might look in 20 or 30 years. These images became so popular that even celebrities started posting them on social media with the #faceappchallenge tag. However, many people raised their eyebrows when they started digging deeper and reading the app’s T&Cs, which say:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”
This means that the app has the right to use your name, photos, and other content in any way they want.
Alongside its vague T&C statements, the app’s privacy policies also raise a lot of cybersecurity concerns. Here’s why:
FaceApp founder Yaroslav Goncharov is a former executive at Yandex, which has been accused of sharing sensitive user data with the Kremlin. Therefore, critics have wondered where your data will be stored and who will have access to it.
FaceApp claims that the data is stored in US servers rather than in Russia, where the app was developed. However, there’s nothing in the T&Cs stopping this data from crossing borders or being given to questionable third parties or governments. As has happened many times before with other companies, you probably have no idea who their partners are and what they’ll do with that data.
They also stated that most images you upload are stored in the cloud and automatically deleted after 48 hours. However, FaceApp also states in their privacy policy that they keep the right to store your photos on their servers even if they’ve deleted them from your app. Essentially, they can keep your photos and data for as long as they want.
The app requires access to your camera and the contents of your memory card, but some iOS users noticed that the app can also access all of the photos in their photo library despite restrictive sharing settings.
What’s also disconcerting is the broad range of other permissions it asks for. If you agree to the app’s terms, it will also be able to access your browser history, location, cookies, log files, metadata, and more. It’s hard to say just how much more data the app might gather without your consent.
Your data can be matched with your image and the information you share on social media to create accurate profiles of who you are.
It can then be used to target you if you live in or visit an oppressive country, if you’re an activist or a politician, or to influence your decisions. After all, this is exactly how the Cambridge Analytica scandal started – with an innocent, fun little quiz app.
Your data can also be used to create new social media or other accounts that can be exploited in social engineering attacks.
We often forget that facial recognition is turning our faces into digital signatures. We have new and powerful technologies that unlock our phones simply by looking at them. Scientists have used 3D printers with photos to bypass facial recognition, while some systems can be fooled by the photos themselves. Deep fake videos can put words in someone’s mouth in a video using only a photo of their face.
One day, your face might become the key to unlocking your door or your bank account. Be careful who you give your key away to.
The key takeaway is that users should value their data more and not give it away freely. It can seem like an inconsequential tradeoff but it’s not.
Never disregard app T&Cs, especially when they handle sensitive data such as your personal information or your images. T&Cs can be long and boring, so it’s easy to blindly accept them. However, sometimes it’s enough to look for the key things such as how data is stored, who it is shared with, and what other files or settings the app will be able to access. The next time you download an app everyone is talking about, spend a few moments to look over the permissions you give it. It may pay off more than you think!
Want to read more like this?
Get the latest news and tips from NordVPN