FaceApp Privacy Concerns Explained – Safe to Use or a Russian Threat?

We investigate the privacy concerns surrounding FaceApp, the popular face transformation app, including its Terms of Use, and the rumors of Russian spies.

Lynne was sad when I talked to her. She had arrived at the club ready to show off a cool app her son had told her about.

“I was so excited. I was going to take pictures of everyone and show them what they would look like when they got old. But when I tried, people covered their faces and told me to go away. One guy yelled at me,” she said, looking about ready to cry.

“Then somebody told me that this fun little app was made by Russian spies and they were going to put my face on a naked woman’s body and blackmail me. Now all I want to know is how to get my pictures out of this thing!”

While the scene above may not be real, by now you’ve probably heard many similar stories and rumors in regards to FaceApp. Depending on who you talk to, this free app could be anything from a fun toy to a major violation of your privacy, even a national security threat.

faceapp featured
What is FaceApp?

Are Russian spies secretly using this app as a way to get our photos, blackmail us with simulated porno, and hack our bank accounts or the biometric security at our place of employment? Is this a totally harmless application being smeared simply because of where the developers live?

What exactly is going on, and why is the whole world talking about this 2-year old app all of a sudden?

In this article, we’ve tried to sort out the truth from the rumors and the hysteria. We’ll share what we’ve learned about the whole thing, and point out some lessons that may help us all avoid freaking out in the future.

But first, in case you are new to the FaceApp panic, let’s start at the beginning.

What is FaceApp?

FaceApp is an app for Android or iOS devices. If you feed it a photo of a face, it uses artificial intelligence algorithms to alter that face. Originally launched in 2017, FaceApp could do things like give you a beard, or show you what you might look like if you were of the opposite sex.

FaceApp Samples
FaceApp Samples

Sounds cool, right? I saw this app in action for the first time a few months ago, long before the sudden viral panic that hit in mid-July, 2019. The app itself is impressive. The AI that generates the modified faces generates lifelike results that can be hard to distinguish from a regular photo. But this doesn’t explain the sudden panic.

Why Is Everyone so Worked up All of a Sudden?

Recently FaceApp hit the top of the charts in both the Android and iOS app stores. It seems the thing that triggered the surge was the addition of the ability to age a face by approximately 30 years. Apparently, a lot of people want to see what they (or their spouse?) might look like in a few decades.

Still, this doesn’t seem a valid reason for panic.

The panic apparently started on July 15, when a guy named Joshua Nozzi tweeted that FaceApp was uploading your photos without your permission. On the 16th, his tweet got picked up by several tech websites and boom! Viral panic.

Things went crazy, despite Nozzi posting on the 17th that he had been mistaken and offering a full apology to FaceApp, and the entire Internet. It turns out that the app was working exactly as it was supposed to on iOS. You can see Mr. Nozzi’s writeup on what happened here.

The original tweet and the articles it spawned led to investigations by internet security experts, as well as interviews with the publishers of FaceApp. If you want all the gory details, you can get them at TechCrunch, one of the first sites to pick up the story.

Instead of walking you through all the back and forth craziness that occurred, let’s cut to the end of the story. What did we learn?

No Signs of Malicious Behavior

Elliot Alderson, an internet security expert, analyzed the traffic that flows between FaceApp and the rest of the world. He showed that photos only get sent from the app when selected, and only the specific photo you selected gets sent. Another who confirmed these findings was Will Strafach, the CEO of GuardianApp.

This removes the fear that FaceApp is uploading all of your photos.

But once people started examining this app, they brought up a few additional worries.

What? They Are Uploading My Photos to the Cloud?

The AI system that processes your photos is big and powerful, too big and powerful to live on your phone. The processing is done elsewhere. However, Elliot Alderson confirmed that the “elsewhere” in this case turns out to be Amazon Web Services (AWS) as well as some Google Cloud services.

upload to cloud
Are images uploaded to the Cloud?

This turns out to be more important than you might expect, thanks to minor detail. The developers of FaceApp are based in Saint Petersburg, Russia!

Russia, Russia, Russia!

You’re surely aware of the political insanity that has been going on in the United States since the election of President Donald Trump. Despite the multi-year investigation by Robert Mueller, there are still people in powerful positions who believe (or claim to believe for political purposes), that the Russians got Donald Trump elected, and that the Russians are responsible for everything bad in the world.

So we shouldn’t be surprised that the fact that FaceApp was developed in Russia would cause some people to get excited. On July 17, Reuters reported that:

“U.S. Senate minority leader Chuck Schumer called on the FBI and the Federal Trade Commission to conduct a national security and privacy investigation into FaceApp, a face-editing photo app developed in Russia, in a letter sent on Wednesday.”
Reuters
Reuters

Reuters also reported that the Democratic National Committee advised their Presidential candidates not to use the app. After all, it came from the Russians.

The reality of the situation is that as of now, no one has been able to show that photos processed by FaceApp get sent to Russia, much less end up in the hands of spies or the Russian government.

When questioned about this by TechCrunch, Yaroslav Goncharov, the Founder of FaceApp, explained that the photos are processed in the cloud using AWS and Google Cloud, and not sent to Russia.

The FaceApp Terms of Use

While FaceApp doesn’t seem to be doing anything nefarious, a look at its Terms of Use is troubling. At the time of this article, section 5 of the Terms of Use included the following paragraphs:

faceapp terms of use 1

In other words, it seems that by using FaceApp, you are granting the publisher the right to do anything it wants with your images, with no compensation or notification to you. This portion of the Terms of Use is annoying, but there is nothing illegal about it.

FaceApp doesn’t appear to be doing anything wrong with your photos, but these Terms of Use do open the doors to future uses that you wouldn’t like.

The moral here is that you should read and understand the Terms of Use of any apps that you suspect could infringe on your privacy. But not everyone agrees with this common-sense approach…

User Reactions Are Troubling

While researching this article, we ran into some comments that we found troubling. To paraphrase very broadly, we saw several users whose biggest complaint about FaceApp seemed to be all the annoying people making such a big deal about privacy.

angry mob
User Reactions

They complained about privacy freaks not understanding that regular people will happily trade privacy for convenience and hate all that annoying security stuff that gets in the way of playing with some new app. The idea seems to be that users already give away everything for free on Facebook and other social media, so stop annoying them with concerns about privacy.

While we don’t know exactly who was making these comments, it will be interesting to see if these attitudes change over time.

Removing Your Photos From the FaceApp Servers

While Mr. Goncharov says that photos are typically removed from the FaceApp servers within 48 hours, we’ve seen that its Terms of Use do allow them to keep photos indefinitely. If you want to get your photos removed, you can follow these steps:

  • Step 1: In the mobile app, select Settings, then Support, then Report a bug.
  • Step 2: In the Subject line of the message window that appears, enter the word, ‘privacy.’
  • Step 3: In the body of the message, ask that your photos be removed.

Mr. Goncharov says that the support staff is overloaded right now, so it may take a while for your photos to be deleted from the system.

Alternately, you can wait for FaceApp to complete work on a more efficient way to remove your photos.

Conclusion – Read the Privacy Policies and Terms of Use Before Installing Apps

So what’s the bottom line on this? The panic over FaceApp is overblown. The developers don’t seem to be doing anything bad with the photos you run through their system.

Conclusion
Conclusion

That said, the Terms of Use do seem to take more rights than are necessary and could lead to privacy problems in the future. If you are concerned, you can follow the steps listed above to request that your photos be removed from the system (in case they have not been removed automatically).

As annoying as it will be, the best thing you can do is read all the legalese that comes with an app. If you don’t like the terms, don’t install the app.

References

BitStarz Player Wins Record-Breaking $2,459,124! Could you be next to win big? >>>
Blokt is a leading independent privacy resource that maintains the highest possible professional and ethical journalistic standards.

LEAVE A REPLY

Please enter your comment!
Please enter your name here