By now, you’ve probably heard of the “FaceApp Old Age Challenge” and seen people posting pictures of what they might look like when they get older using FaceApp. There have also been several articles floating around the internet questioning the app’s privacy.
What Is FaceApp and Who’s Behind It?
FaceApp is a smartphone app which can transform a face to make it smile, look younger, look older, or even change gender. It was launched in 2017 by a Russian company called Wireless Lab. Pretty much since its initial release, the app has garnered controversy over the filters that change a person’s race and gender.
Here’s what Brian might look like, but he didn’t use the app. I’m pretty good at Photoshop (sorry, Brian!)
How Does This Work?
The way that this app works is that it uses artificial intelligence to scan your face and make alterations to the photo, but what may not be readily apparent is that none of the photo processing is actually done on your phone or device. The app sends your data and photo to its servers on “the cloud” where all of the processing is done before it sends the generated photo back to your phone. For those that aren’t familiar, whenever you hear the term “the cloud”, it basically means “someone else’s computer”.
It certainly makes sense that the A.I. doesn’t process the image on your phone or device since that kind of rendering usually requires a lot of processing power.
So What’s the Big Deal?
While reading through FaceApp’s Terms of Service (or “TOS” for short), some have noted that it appears that the app gives Wireless Lab the ability to use any or all of your information and photos in whatever way they want. If you would like to read through the TOS for yourself, you can read it on their website.
Of particular note is the part that says that your information may be transferred to a location not bound by the same data protection laws as you:
FaceApp, its Affiliates, or Service Providers may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
One thing that the TOS admits to doing is collecting information about your location and demographic information. What particularly interests me is the “demographic information” that it collects which it says they can use to aim online ads and other marketing at you. What this means is that you’re essentially telling Wireless Lab about your interests and what kind of person you are through using their app.
The way that FaceApp most likely collects this demographic information on you is when you connect the service to another social media account, like Facebook or Instagram (but I repeat myself). When you connect the app to your account on Facebook, it tags or “attaches” your information to the photos you upload which is what they use to sell ads they think will interest you.
Does FaceApp Upload All My Photos?
One of the main concerns that people have is that the app uploads a user’s entire camera roll—all the pictures on your phone—to the servers where this Russian company can do whatever they want with them. Wireless Lab claims that FaceApp only uploads photos users have specifically selected for editing and this appears to be true since some have already performed network tests which seem to confirm that claim. There is simply no evidence (as of yet) that FaceApp is uploading all your pictures to their servers. You can quickly check this with any network sniffing tools available on the internet (that is, if you know how).
Some FaceApp users have also raised concerns that they’re still able to upload a photo in FaceApp even after they’ve denied the app access to their camera roll, but iOS is programmed to override that to allow a single image so that the app is still able to function. The difference is that the app only has access to a single image rather than all of them.
So, What Should I Do?
Personally, I think that a certain level of paranoia is healthy since it’s good to always be on the alert to potential danger. That said, you’re probably not in any more danger than usual. Any app on your smartphone can—and most certainly does—transmit your personal information over the internet, especially apps like Facebook or anything released by Google. The reason people are freaked out about this is because it’s an app from a Russian company at the center of an internet fad.
You should always think twice about ANY apps or services that you use on your cell phone. Especially since identity theft is a growing issue with how much of a person’s information is transmitted through networks and systems on a daily basis, anything, no matter how innocuous, can open you up to a potential security threat.
If you still would like to use FaceApp, but you’re concerned about how much info you’re sharing with a company in Russia, a compromise might be to not connect the app to Facebook or Instagram and instead save the photo to your phone and share the pictures over social media from there.