FaceApp_icon

Should you delete FaceApp?

The viral app, most recently part of a celebrity #FaceAppChallenge, allows users to upload photos to see how they might look when they’re old, if they were a different gender, etc. Although it has been around for a few years, the app is the subject of renewed privacy concerns.

At issue are the terms of use for the app (you know, the one that none of us really ever read) that gives the app the power to use your picture and your name for any purpose, for as long as it wants.

Check them out:

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username, or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.

Gulp.

Adding to the concern for some: the company is based out of St. Petersburg, Russia. Given that Russia isn’t generally known for protecting consumer privacy, this has worried many. Truthfully, privacy advocates have had concerns about apps like this in the past and raised the alarms anew this week. Are those concerns warranted? Yes and no.

Here’s what is known about the app and what it’s doing with your data

1. User data is being stored in the U.S. According to Forbes, the photos are being stored on Amazon servers here in the U.S., but the company that owns FaceApp is Russian. Ergo, there are concerns that images could be used without your knowledge—particularly overseas.

2. Most photos are being deleted shortly after uploading (yes, most). The app creators told TechCrunch on Wednesday that most images are deleted from their servers within 48 hours. What happens to the ones they do keep? As of this writing, no one seems to know. In theory, they could be used for a variety of things, including training facial recognition software.

3. No, FaceApp doesn’t appear to have access to all your photos. Some reports say that using the app means it has access to your entire camera roll. This doesn’t appear to be the case. The Washington Post spoke with a security researcher who found that the app only accesses the photo(s) you upload.

3. The company says it’s not sharing photos with other companies, but… Although the company’s CEO says they’re not sharing any user data with third parties (which includes the Russian government), that user agreement says they can.

4. You can delete your data if you wish. Deleting the app won’t delete the photos you’ve uploaded. Instead, you’ll have to place a request. The company says:

We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.

Should you be worried?

Given the app’s rather vague and broad terms of use policy, it’s very understandable if you don’t feel comfortable using the app—after all, we lived through the Facebook/Cambridge Analytica scandal where user data was shared without permission. But, keep in mind that Twitter and other social media giants also have similar privacy terms of service.

Regardless of your feelings on this current situation, however, is a larger issue: of being aware of what information apps have access to and how they’re going to use your data.

If you’re not paying for an app or a service, stop and consider how the company is making money. Businesses aren’t charities, so odds are, YOU’RE the product. Therefore, you may not be paying for FaceApp with money, but instead you’re paying with your data. Note that FaceApp has Google Admob embedded in it. Advertising could be this company’s business model, but without more information, we don’t really know.

The safest approach to protecting your privacy is to be aware of how the apps utilize the information you share. Take the time to at least skim the fine print on your apps. Even if Google and Apple think they’re okay and have them in their stores, you may still be agreeing to terms that don’t sit well with you.

 

About TDS Security Team

The latest news and advice from the TDS Security Team.
No comments yet.

Leave a Comment