FaceApp, the AI-powered picture-editing program, is trending in social media. We’ve all seen the pictures of celebrities using FaceApp to make themselves look older or younger.

However, security experts are concerned about the possibility that the app could access more than pictures. Many users don’t realize that the app, owned by an overseas company, doesn’t process the pictures on your phone. Instead it uploads your photos to its own server and manipulates it there.

Personal data is considered the new “Oil.”

User discretion is advised. When you allow any app to accurately map your face, this data can be collected and sold to generate revenue. This data can be used for facial recognition and tracking through unsecured cameras or targeted marketing at stores and the possibilities are endless.

In their privacy policy, Faceapp actually says that they “may use information” they receive to “provide personalized content & information to you and others, which could include online ads or other forms of marketing.” So it’s safe to assume that they are collecting data.

Concerns about FaceApp’s Terms of Use & Permissions 

When you accept the FaceApp’s terms of use it gives their developers the right to use your selfies, name, likeness, voice or, persona for commercial purposes. It also has a statement covering privacy laws of EU & US and states that they may transfer information to other countries & jurisdictions.

Using the app also grants the program permissions, to access in-app purchases, photo & media files, device storage and your camera. These features have been considered suspicious and excessive for a simple photo editing app. Security advisers are also worried about the possibility of the app to take any image from your library or, randomly turn on your camera & take pictures/videos or, access data on your device storage.

Also, under “Other” permissions, using the app, grants additional permissions for receiving data from the internet which could be a malware payload, viewing network connections and giving full network access and prevent the device from sleeping.

Behavior tracking concerns

Another feature that is causing concern is found in their privacy agreement that says “A device identifier may deliver information to us or to a third
party partner about how you browse and use the Service and may help us or
others provide reports or personalized content and ads.”

The device identifier on your smart phone is the easiest way to identify you and allows them to track certain user behavior.

FaceApp responds to privacy concerns

In a statement first reported by Techcrunch, Faceapp says, “We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.”

They go on to say, “We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.”

The Security Advisers at Accorian recommend that users exercise caution while using this application. 

If you are concerned about the app having access to your data, you can change the permission settings on your smart phone or you can just delete it.

Feel free to contact Accorian if you have any questions about this application.