By now you’ve probably heard about FaceApp, the latest smartphone craze sweeping the world. While the app has been around since 2017, it recently became a sensation thanks to an AI filter that can make you look old.
Just upload a photo of yourself and FaceApp will add grey hairs, wrinkles, and droopy skin, leaving you with a surprisingly natural look at your older self.
The aged-up results have taken over the internet for the past week or so, thanks to the “#FaceAppChallenge.” Most celebrities have gotten in on the action, it’s the talk of offices everywhere, and even if you don’t have the app or use a smartphone, someone’s probably brought it out at a party.
Who can resist getting in on the latest fun trend, and get an eerie prediction of their future selves? But privacy experts are now warning that you probably should resist the app—or at least, know what you’re agreeing to when you upload that pic.
With the app blowing up and topping sales charts, many privacy experts have done some digging into just how the app handles all those photos—and the results raised some serious eyebrows.
For one thing, there’s the terms of service every user agrees to, which gives the company an eerily broad legal usage rights to your photos:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your (username), location or profile photo) will be visible to the public.”
If you use Face App you are giving them a license to use your photos, your name, your username, and your likeness for any purpose. #FaceApp #FaceAppChallenge pic.twitter.com/6xcJ6Anfi4
— Advovo Wabantu (@AdvovoWabantu) July 17, 2019
It’s not really breaking news that apps and social media platforms have more access to our data than they let on, nor that they hide these terms in the user agreement no one actually reads.
But FaceApp uploads your selected photos to a cloud server, raising concerns that the company now has a giant database of photos from unsuspecting users. And with their terms of service, they have a broad legal right to use them however they want.
It was also rumored that the app tries to upload a user’s entire camera roll, though tests find no evidence of this.
HOWEVER: they do appear to upload single images in order to apply the filters server-side. while not as egregious, this is non-obvious and I am sure many folks are not cool with that.
— Will Strafach (@chronic) July 17, 2019
The app doesn’t notify users that their photos are being added to the cloud, nor is there a way to reverse it—deleting the app won’t delete your pics from their servers.
Then there’s the fact that FaceApp is a Russian company—and that, as of late 2018, they are operating from a business center run by the Russian government.
NEW: Late in 2018, #FaceApp moved to the Skolkovo Innovation Center run by the Russian government. pic.twitter.com/u8LBsHpGbQ
— Forensic News (@forensicnewsnet) July 17, 2019
Connecting the dots, it starts to look like a foreign government using a fun novelty app to gain access to a giant database of our faces.
Washington politicians are now calling on an investigation into the app, including Senate Minority Leader Chuck Schumer:
BIG: Share if you used #FaceApp:
The @FBI & @FTC must look into the national security & privacy risks now
Because millions of Americans have used it
It’s owned by a Russia-based company
And users are required to provide full, irrevocable access to their personal photos & data pic.twitter.com/cejLLwBQcr
— Chuck Schumer (@SenSchumer) July 18, 2019
But in response to the privacy concerns, FaceApp’s CEO Yaroslav Goncharov has responded, clarifying a few things which might put some regretful users at ease.
In an email exchange with the Washington Post, Goncharov stated that while the terms of service do give the company a broad license to use users’ photos, they were not being used for anything outside the app’s intended use.
He said the photos are uploaded to the cloud for the sake of making the app run more smoothly, and that “most” photos were deleted within 48 hours. And while the team is based in Russia, your data doesn’t go there: he told TechCrunch that the app’s storage and cloud processing is done via Amazon Web Services and Google Cloud.
But for users still concerned about how the company is using their selfies, Goncharov offered a way to delete your data from the app, albeit a slightly convoluted one:
“For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line,” he told the Post.
So don’t worry too much if you couldn’t resist the trend—it doesn’t seem like the selfie you chose to age is going to show up in a facial recognition software or a Russian billboard (and honestly, they’d probably go with the Jonas Brothers before you, right?)
Most web services require a trade off in privacy, and FaceApp doesn’t seem to be any more malicious with your data than commonly-used services like Facebook and Google (although they did once have “ethnicity filters” that were decried as racist—not a great move there.)
But what if FaceApp was an evil conspiracy? Countless people downloaded the app without thinking, took their photos and only became concerned about privacy after the fact. The lesson here: remember to find out exactly what you’re signing onto when you use a new app.
And just make sure you’re using the real FaceApp, and not one of the knockoffs that have popped up—those are the real danger.
Share this info with friends!