The Russian face transformation app FaceApp is again in the spotlight, this time for privacy risks. Of concern is that the app has permission to access any photo on users’ smartphones, not just the one being transformed, and that photos are being uploaded to Russian servers.
What is FaceApp?
FaceApp is a mobile app for iOS and Android that was launched in January 2017 by the Russian company Wireless Lab, which is based in St Petersburg. The app transforms people’s faces in photographs to make them smile, look younger or older, and to change their gender. It does this by using predefined filters that come with the app.
The app also had a filter that changed people’s ethnicity. However, this filter was quickly removed when FaceApp was confronted with a huge backlash for being racist. The ethnicity filter changed people’s faces in photos to look more black, Asian, Indian or Caucasian, or to lighten their skin tone.
FaceApp uses artificial intelligence based neural networks, to transform the faces in the photographs. The transformations it generates are so realistic that it is impossible to tell the original photo from the doctored one. The app went viral in 2017 and now has more than 80 million active users.
What are the Alleged Privacy Risks of FaceApp?
FaceApp has attracted criticism from the press and social media of late, who allege that the app poses privacy risks for its users. Privacy concerns stem from the fact that the app could upload all photos on the users’ smartphone, not just the one to be transformed. Furthermore, it could do this without requiring any obvious permission from the user.
The fact that FaceApp is a Russian mobile app, makes these concerns even more troubling to the users. The app loads the photo(s) to be transformed onto FaceApp servers to apply the selected filter. This raises the questions as to what is done with the photos on the server once the transformation is complete and where are the servers located.
Does FaceApp keep the photos and if so, what does it do with them? Are they sold to or shared with third parties? Could Russian intelligence or police agencies demand access to the photos if FaceApp’s servers are located in Russia?
Are FaceApp Privacy Fears Founded?
Research into these questions found that FaceApp only appears to load submitted photos to its servers. All the rest are not touched, although the app has access to them. It also found that FaceApp data servers are mostly based in America not in Russia. Consequently, Russian government agencies would find it difficult to get information from these US based servers, thus reducing FaceApp’s privacy risk.
Thomas Brewster, Associate editor at Forbes covering cybercrime, privacy, security and surveillance said: “No, FaceApp isn’t taking photos of your face and taking them back to Russia for some nefarious project. At least that’s what current evidence suggests.”
However, as the company is based in St Petersburg, the photos would be viewed and processed in Russia. Furthermore, there is nothing stopping FaceApp from mirroring data on US servers to their own Russian based company servers.
What should Concerned Users Do?
Users concerned that FaceApp might pose a risk to their privacy are advised to remove the app from their smartphone. If not, check FaceApp’s privacy settings to ensure as much information as possible from the smartphone remains private. Go to FaceApp’s settings and change what the app is allowed to access.
Furthermore, FaceApp founder Yaroslav Goncahrov said that users can request that all their user data be deleted. This can be done by going into settings, then support and reporting a bug using the word “privacy” in the message’s subject line. However, just because a user requests that their photo be deleted, it doesn’t mean that it will be deleted. There is no way to check that it has been done.
More tips on how you can safeguard your privacy on an iPhone can be found in the article Take Charge of Your Privacy Settings on an iPhone or iPad. For Android smartphones go to the article Guard Your Privacy on Android Devices.