Privacy: Can You Trust FaceApp With Your Face?

Uploaded on 2019-07-23 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

FaceApp is an app that can edit photos of people's faces to show younger or older versions of themselves.  The fashionable smartphone software used to simulate the effects of ageing on its users' features is at the centre of a global cybersecurity row with majors concerns expressed over its terms and conditions. 

Thousands of people are sharing the results of their own experiments with the app on social media. While such clauses are not dissimilar to those used by other social media firms, the company’s Russian background stoked fears it could be vulnerable to abuse. 

They argue that the company takes a cavalier approach to users' data - but FaceApp said in a statement most images were deleted from its servers within 48 hours of being uploaded. The company also said it only ever uploaded photos that users selected for editing and not additional images.

What is FaceApp?
FaceApp is not new. It first hit the headlines two years ago with its "ethnicity filters". These  transform faces of one ethnicity into another - a feature that sparked a backlash and was soon dropped. The app can, however, turn blank or grumpy expressions into smiling one and it can manipulate styles of make-up. This is done with the help of artificial intelligence (AI). An algorithm takes the input picture of your face and adjusts it based on other imagery.

So what's the problem?
Eyebrows were raised lately when app developer Joshua Nozzi tweeted that FaceApp was uploading troves of photos from people's smartphones without asking permission, however, a French cyber-security researcher who uses the pseudonym Elliot Alderson investigated Mr Nozzi's claims , finding that no such bulk uploading was going on - FaceApp was only taking the specific photos users decided to submit. FaceApp confirmed to BBC reporters that only the user-submitted photo is uploaded.

Other researchers have speculated that FaceApp may use data gathered from user photos to train facial recognition algorithms. This can be done even after the photos themselves are deleted because measurements of features on a person's face can be extracted and used for such purposes. Some question why FaceApp needs to upload photos at all when the app could in theory just process images locally on smartphones rather than send them to the cloud.

In FaceApp's case, the server that stores user photos is located in the US. FaceApp itself is a Russian company with offices in St Petersburg. From a business perspective, hiding the photo processing code in their server makes it hard for potential competitors from copying. It also makes piracy harder

Before using FaceApp for taking our photos of your own, its worth reading FaceApp's privacy policy which suggests some user data may be tracked for the purposes of targeting ads. The app also embeds Google Admob, which serves Google ads to users.

FaceApp's CEO, Yaroslav Goncharov told the BBC that  terms in FaceApp's privacy policy were generic and denies that the company shares any data for ad-targeting purposes, as the business model is to make money from paid subscriptions for premium features.

What else does FaceApp have to say?
Mr Goncharov shared a company statement that said FaceApp only uploads photos selected by users for editing. "We never transfer any other images," he said in a  statement.

"We might store an uploaded photo in the cloud....The main reason for that is performance and traffic: we want to make sure that the user doesn't upload the photo repeatedly for every edit operation....Most images are deleted from our servers within 48 hours from the upload date."

The statement said that while FaceApp accepts requests from users to have their data deleted, the company's support team was currently "overloaded". FaceApp advises users to submit such requests through settings, support, "report a bug" and add "privacy" in the subject line. User data was not transferred to Russia, the statement added.

The UK's Information Commissioner's Office (ICO) told BBC News it was aware of stories raising concerns about FaceApp and that it would be considering them.

"We would advise people signing up to any app to check what will happen to their personal information and not to provide any personal details until they are clear about how they will be used," a spokeswoman for the ICO said.

BBC:       Telegraph:        CNET:

You Might Also Read: 

Limit The Duration Google Holds Your Data:

Get Ready For ePrivacy Regulation:

 

 

« Russian FSB Hacked: "Largest data breach in its history"
Business Leaders Are Ignoring Cyber Risks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Mobile Mentor

Mobile Mentor

Mobile Mentor is an independent provider of enterprise mobility solutions in New Zealand and Australia.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.