Lynne was sad when I talked to her. She had arrived at the club ready to show off a cool app her son had told her about.
“I was so excited. I was going to take pictures of everyone and show them what they would look like when they got old. But when I tried, people covered their faces and told me to go away. One guy yelled at me,” she said, looking about ready to cry.
“Then somebody told me that this fun little app was made by Russian spies and they were going to put my face on a naked woman’s body and blackmail me. Now all I want to know is how to get my pictures out of this thing!”
While the scene above may not be real, by now you’ve probably heard many similar stories and rumors in regards to FaceApp. Depending on who you talk to, this free app could be anything from a fun toy to a major violation of your privacy, even a national security threat.
Are Russian spies secretly using this app as a way to get our photos, blackmail us with simulated porno, and hack our bank accounts or the biometric security at our place of employment? Is this a totally harmless application being smeared simply because of where the developers live?
What exactly is going on, and why is the whole world talking about this 2-year old app all of a sudden?
In this article, we’ve tried to sort out the truth from the rumors and the hysteria. We’ll share what we’ve learned about the whole thing, and point out some lessons that may help us all avoid freaking out in the future.
But first, in case you are new to the FaceApp panic, let’s start at the beginning.
What is FaceApp?
FaceApp is an app for Android or iOS devices. If you feed it a photo of a face, it uses artificial intelligence algorithms to alter that face. Originally launched in 2017, FaceApp could do things like give you a beard, or show you what you might look like if you were of the opposite sex.
Sounds cool, right? I saw this app in action for the first time a few months ago, long before the sudden viral panic that hit in mid-July, 2019. The app itself is impressive. The AI that generates the modified faces generates lifelike results that can be hard to distinguish from a regular photo. But this doesn’t explain the sudden panic.
Why Is Everyone so Worked up All of a Sudden?
Recently FaceApp hit the top of the charts in both the Android and iOS app stores. It seems the thing that triggered the surge was the addition of the ability to age a face by approximately 30 years. Apparently, a lot of people want to see what they (or their spouse?) might look like in a few decades.
Still, this doesn’t seem a valid reason for panic.
The panic apparently started on July 15, when a guy named Joshua Nozzi tweeted that FaceApp was uploading your photos without your permission. On the 16th, his tweet got picked up by several tech websites and boom! Viral panic.
Things went crazy, despite Nozzi posting on the 17th that he had been mistaken and offering a full apology to FaceApp, and the entire Internet. It turns out that the app was working exactly as it was supposed to on iOS. You can see Mr. Nozzi’s writeup on what happened here.
The original tweet and the articles it spawned led to investigations by internet security experts, as well as interviews with the publishers of FaceApp. If you want all the gory details, you can get them at TechCrunch, one of the first sites to pick up the story.
Instead of walking you through all the back and forth craziness that occurred, let’s cut to the end of the story. What did we learn?
No Signs of Malicious Behavior
Elliot Alderson, an internet security expert, analyzed the traffic that flows between FaceApp and the rest of the world. He showed that photos only get sent from the app when selected, and only the specific photo you selected gets sent. Another who confirmed these findings was Will Strafach, the CEO of GuardianApp.
There is few calls to their backends:
– Get hosts
– Get demo data
– Register your device
— Elliot Alderson (@fs0c131y) July 16, 2019
This removes the fear that FaceApp is uploading all of your photos.
But once people started examining this app, they brought up a few additional worries.
What? They Are Uploading My Photos to the Cloud?
The AI system that processes your photos is big and powerful, too big and powerful to live on your phone. The processing is done elsewhere. However, Elliot Alderson confirmed that the “elsewhere” in this case turns out to be Amazon Web Services (AWS) as well as some Google Cloud services.
This turns out to be more important than you might expect, thanks to minor detail. The developers of FaceApp are based in Saint Petersburg, Russia!
Russia, Russia, Russia!
You’re surely aware of the political insanity that has been going on in the United States since the election of President Donald Trump. Despite the multi-year investigation by Robert Mueller, there are still people in powerful positions who believe (or claim to believe for political purposes), that the Russians got Donald Trump elected, and that the Russians are responsible for everything bad in the world.
So we shouldn’t be surprised that the fact that FaceApp was developed in Russia would cause some people to get excited. On July 17, Reuters reported that:
Reuters also reported that the Democratic National Committee advised their Presidential candidates not to use the app. After all, it came from the Russians.
The reality of the situation is that as of now, no one has been able to show that photos processed by FaceApp get sent to Russia, much less end up in the hands of spies or the Russian government.
When questioned about this by TechCrunch, Yaroslav Goncharov, the Founder of FaceApp, explained that the photos are processed in the cloud using AWS and Google Cloud, and not sent to Russia.
User Reactions Are Troubling
While researching this article, we ran into some comments that we found troubling. To paraphrase very broadly, we saw several users whose biggest complaint about FaceApp seemed to be all the annoying people making such a big deal about privacy.
They complained about privacy freaks not understanding that regular people will happily trade privacy for convenience and hate all that annoying security stuff that gets in the way of playing with some new app. The idea seems to be that users already give away everything for free on Facebook and other social media, so stop annoying them with concerns about privacy.
While we don’t know exactly who was making these comments, it will be interesting to see if these attitudes change over time.
Removing Your Photos From the FaceApp Servers
- Step 1: In the mobile app, select Settings, then Support, then Report a bug.
- Step 2: In the Subject line of the message window that appears, enter the word, ‘privacy.’
- Step 3: In the body of the message, ask that your photos be removed.
Mr. Goncharov says that the support staff is overloaded right now, so it may take a while for your photos to be deleted from the system.
Alternately, you can wait for FaceApp to complete work on a more efficient way to remove your photos.
So what’s the bottom line on this? The panic over FaceApp is overblown. The developers don’t seem to be doing anything bad with the photos you run through their system.
As annoying as it will be, the best thing you can do is read all the legalese that comes with an app. If you don’t like the terms, don’t install the app.