FaceApp: Harmless Fun or Privacy Fiasco Waiting to Happen?
There is a new craze on social media that can be credited to FaceApp, the same app that went viral in 2017 for its photo-morphing capabilities. Back then, FaceApp can add a smile to a photo or filter it to make the user look more attractive. Recently, the fad is all about the fact that the app can make users look younger or older in just a few taps on their mobile phones. Back in 2017, privacy issues hounded the app, and the same is true now. What basically happens when you apply filters on your photo using FaceApp are the following:
- FaceApp uploads and stores your photo on their server.
- FaceApp applies the filters server-side so they don’t have to do it repeatedly when a user uses the same photo again.
- FaceApp collects and stores personally identifiable information like your IP address and device operating system.
- FaceApp injects cookies to your device so it can track your usage and have advertisers target you with ads.
Using FaceApp is a lot of fun, that’s for sure. But it’s also a privacy disaster waiting to happen as the app makes you vulnerable. Despite this, thousands of people have been tempted to use the app. You might have seen your friends post photos of them looking very old, making you wonder if a time machine had brought you to the future. Or maybe you have posted the same kind of picture too. It’s fun (and enlightening) to know how you’d look when you’re 75 years old, but if you knew what else was going on while those photos were being generated, you’d cringe.
Even celebrities weren’t able to resist the urge to see what they will look like when they grow old. Here are the Jonas Brothers on their trip to the year 3000:
Then there’s Carrie Underwood and her husband:
And it seems like Mario Lopez will still be fit and drinking beer when he’s 80 years old:
Several other A-listers took on the FaceApp aging feature just because it’s amusing, and well, everybody else seems to be doing it. The same can be said about thousands (if not millions) of people all over the world, despite concerns that the app is a threat to user privacy. Let’s scrutinize if these privacy concerns are well-founded or just plain paranoia.
FaceApp Privacy Issues
The questionable data collection that FaceApp does had led several organizations, politicians, and online privacy advocates to call on an investigation and have users delete the app.
On July 17, the Democratic National Committee warned everyone involved in the 2020 presidential campaigns against using the photo-altering app and urged them to delete FaceApp. The DNC’s chief security officer, Bob Lord, said in the security alert he released that, “This app allows users to perform different transformations on photos of people, such as aging the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians.”
On the same day, Senate Minority Leader Chuck Schumer asked the Federal Trade Commission and the FBI to conduct an investigation on FaceApp regarding the data they collect and how they are being used. The main concern is whether or not the personal data that people are uploading on FaceApp will make its way to the Russian government.
In response, the creators of the app had said that although the R&D team of the company is based in Russia, the user data being collected through the app is not sent to the country.
FaceApp: The Fine Print
Faceapp Terms of Service Privacy Issues
FaceApp’s terms of service start out as any normal online service would. It describes that a service is an application-based software and that it uses artificial intelligence to dramatically and realistically alter the foreground and background of a user’s photo. It further discloses that users are required to login to a third-party platform like Instagram, Facebook, and Twitter, to be able to use the FaceApp services.
Under Section 5 (User Content), however, the terms of service become quite concerning.
Apparently, by using FaceApp, you are giving them every right to use and even modify your pictures, and to use your name and user name along with the content. This is not unique to FaceApp though as most online services have a similar provision in their terms of service.
Section 14 (Transfer and Processing Data) is even more disturbing. The provision only has one sentence, but it’s enough to send chills down the spine of every individual concerned about his or her privacy. It states:
By accessing or using our Services, you consent to the processing, transfer, and storage of information about you in and to the United States and other countries, where you may not have the same rights and protections as you do under local law.
FaceApp Upload All Your Gallery Photos on Its Servers
Rumors have it that FaceApp will upload every picture on your camera roll to its servers. Not only the photo you filtered but every single photo on your camera roll. This is a scary and blatant attack on user privacy if it were true. However, it turned out that this rumor is false.
using a network traffic analyzer, I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur.
here is marlo stanfiekd with a beard though pic.twitter.com/6wy8cHLNuA
— Will Strafach (@chronic) July 17, 2019
What is true though is that FaceApp uploads the photo you select to its server so they can apply filters server-side. This may not be disturbing to other people, but it’s alarming for those who are advocates of digital privacy. How would you feel about your photo being stored in a server located in some country you don’t know?
The creators of FaceApp said in regards to this privacy issue that “most images are deleted from our servers within 48 hours from the upload date.” Most are not equivalent to all pictures though, so our privacy bells are still ringing.
FaceApp Collects Your Data
- User Content: This includes photos, name, and username that the user has voluntarily provided to FaceApp. This also includes all communication such as service-related emails. Note that users cannot opt-out of these service-related emails, which is an obvious invasion of privacy and can even be against the privacy laws of some countries.
- Analytics Information: The app collects the websites you visit and any add-ons you subscribe to using a third-party analytics tool.
- Logs: This is where it gets disturbing. Logfile information is those that are automatically sent when a user visits an app or a website. It includes the user’s IP address, which is the very thing that VPN users are very protective of (for good reasons too).
- Device identifiers: FaceApp also collects, tracks, and stores (on your device or on their servers) device identifiers such as the operating system, and other information that is unique to the device you are using.
Should You Use FaceApp?
All this information that FaceApp collects and stores for who knows how long are very personal and could lead to you being tracked and monitored without your knowledge. The app masquerades as a photo-enhancement feature but it actually collects data from the social platform you’re using it with.
FaceApp, however, is not alone in doing this. Most applications and even the social media platform you regularly visit collects the same type of information without you knowing it. But just because it’s the norm for most apps and websites doesn’t mean that it’s right and safe. As the end-user, and the ultimate victim in all these, you must protect your privacy by choosing the apps you engage with and the information you share on your social media accounts. For good measure and utmost privacy protection, you can use a low-cost, high-quality VPN like LimeVPN.
A VPN replaces your credentials (including your real IP address) with its own, so your personal information won’t have to reach the app or website that you are accessing. What’s even better is that it encrypts your network traffic so that if someone has gained access to your network, they still can’t read your data. VPNs are a great help in the protection of user privacy, and it is the number one privacy solution used by millions of people and organizations.