FaceApp: 5 Things To Know About Privacy And National Security
Facebook newsfeeds were flooded last week with photos showing what your 30-year-old friend might look like as a 60-year-old person — or as a 2-year-old. FaceApp, a trendy smartphone application that uses artificial intelligence to show age progression, is promoted as innocent social media fun. But some people are increasingly worried that the Russian company that developed the peek into the future collects user data that could fall into the hands of hostile foreign powers or be used in training for facial recognition software.
Senate Majority Leader Chuck Schumer last week asked the FBI and Federal Trade Commission to assess the app, writing in a letter to the agencies that he’s concerned FaceApp, developed by Wireless Lab in Russia, could pose “national security and privacy risks for millions of U.S. citizens.”
The New York Democrat wrote it would be “deeply troubling” if sensitive personal information was provided “to a hostile foreign power actively engaged in cyber hostilities against the United States” and asked the agencies to assess the situation.
The app has been around since 2017, but saw a resurgence in the social media #AgeChallenge.
Here are five questions about FaceApp:
1. Does FaceApp upload your entire camera roll? No, representatives of Wireless Lab said, responding to concerns circulated on Twitter that on iPhones, FaceApp would be able to upload a user’s entire camera roll, including screenshots revealing financial and health information, photos of kids with the names of their schools and other sensitive photos.
“We don’t do that,” FaceApp said in a statement to TechCrunch. “We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.”
The confusion stems from an iPhone feature that shows the entire camera roll within the app. That makes it appear the entire photo library is up for grabs, but users still need to select an individual photo.
Android phones don’t access the photo library in the same way.
2. Does FaceApp store the selected photo? Many apps perform processing on a device to limit exposing users’ data, but FaceApp sends photos on both iPhone and Android devices to cloud servers for editing. Cybersecurity experts say that can potentially expose the photos to hacking and other problems, and FaceApp doesn’t explicitly tell users where the photos are processed.
Should you worry?
The company says it “might” store the photos on cloud servers for a short period, but that “most images are deleted from our servers within 48 hours from the upload date.”
3. Does FaceApp share your data? FaceApp says its research and development team is located in Russia, but claims no data is “transferred to Russia” and that it doesn’t sell or share data to third parties.
Founder Yaroslav Goncharov told TechCrunch that while the research and development team is located in Russia, it uses Amazon Web Services and Google Cloud, both hosted in the United States.
4. What can users to do make sure their data has been deleted from servers? The process is somewhat convoluted, and FaceApp told TechCrunch it is working on a smoother, more transparent process.
To delete data, send requests via the mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line.
Photos might not be deleted right away, though. The company says the security team “is currently overloaded, but these requests have our priority,” according to The Express.
The company also said in its statement to TechCrunch that “allFaceApp features are available without logging in, and you can log in only from the settings screen.”
It said 99 percent of users never log in and, “therefore, we don’t have access to any data that could identify a person.”
5. Should you use the app or resist it? Guardian Firewall CEO Will Strafach told The Associated Press he used a network analyzer to track the app, but didn’t find any problems.
He does, however, have a problem with FaceApp’s lack of transparency. The company wasn’t initially upfront about its use of cloud services, instead of the phone, to edit and store photos, even if temporarily.
“Bottom line is they were handling sensitive data and they handled it cavalierly and that’s just not cool,” Strafach told The AP.
“It’s part of the same trend of tech companies writing these overly broad terms of service that gives them way more power than they actually need to perform the service,” he said.
The Associated Press contributed reporting.