How Invasive Are Face Transforming Apps – A Privacy Disaster Waiting to Happen?

Young man being turned into an old man by a face transforming app

Almost everyone has used a face-transforming app at least once, from predicting how they’ll look in 20 years to touching up a selfie before posting it on Instagram. But just how safe is your data in the hands of these apps?

When it comes to playing around with Oldify or Facetune, it may be tempting not to care about your data security. After all, these apps are being used by everyone, from Brie Larson to your co-workers. If the use of these apps is so widespread, should we even still worry about our data?

The answer is yes. While face-transforming trends seem harmless, a large number of popular apps we use actually collect an alarming amount of data — and it’s unclear how that data is being used.

For this article, we took a look at the privacy policies of the most downloaded face-transforming apps on both Google Play Store and Apple App Store. Here’s what we found out.

Key Findings

  • 38 out of 40 apps will ask for data that isn’t essential to the services they provide.
  • Aging apps like Oldify and InPhoto collect the most data, including app usage data, financial info, and social media info.
  • Most face-transforming apps will only retain your pictures until they are processed, after which the photos are allegedly deleted.
  • None of the apps claim to hold the right to sell user-uploaded pictures, although there are apps whose privacy policies don’t state whether or not they do.
  • 25% of the apps we studied were made by companies based in China, while 30% were made by companies based in the United States.
  • Of the forty apps we studied, 68% collected location data from their users.
  • 40% of the apps collected user content despite being mainly photo-editing and filter apps.
  • TikTok collects data across all eight categories, while Snapchat collects all but a user’s financial info.
  • Considered a “Russian app,” FaceApp use has been warned against by the FBI.
  • Google-owned app Snapseed only deletes user photos after a user files a request.
  • Five out of eight body-editing apps are made by China-based companies.

Why Do Face-Transforming Apps Need Your Data?

Apps need access to data so they can provide the services they advertise. So TikTok, for example, will ask for permission to use your camera for you to record a video. A photo-editing app will require access to your gallery, so you can edit the photos as you wish.

Facebook Privacy Laptop Lock

However, many apps will also ask for data that isn’t essential for the services they provide. Of the forty apps we studied, 68% collected location data from its users, while 40% of the apps collected user content despite being mainly photo-editing and filter apps.

This doesn’t mean these apps are data-miners in disguise. It’s worth noting that sometimes, developers end up requiring certain data while trying to make an app.

Even so, we should stay vigilant and critical about what kind of data these apps are collecting and where they may be using them. “Free” apps and services still need to make money. So if users aren’t paying for their services, that means they’re making that money a different way — usually by providing data.

In 2019, Facebook faced a data breach when hackers scraped user data and posted the personal information of over 530 million users on the dark web — including millions of contact numbers. The social media company faced even more backlash after they decided not to let users know about the breach.

This scenario is a good illustration of how much control companies have over user data — and why we should remain cautious about which apps we trust and what data we trust them with.

A Closer Look at Face-Transforming Apps

We took a look at the most downloaded apps on both Google Play Store and Apple App Store and divided them into five categories: 1. aging apps, 2. gender-swap apps, 3. beautifying apps, 4. face-swap apps, and 5. body-editing apps.

We then dug through each app’s privacy policy, identifying the types of data they collected and for how long they retain this data.

From there, we identified eight data points:

  • Contact Info – User phone contacts
  • Financial Info – Credit/debit card information
  • Camera and Photos – Access to camera and photo gallery
  • Social Media Info – Publicly available information on any linked social media accounts
  • Location Info – Exact user location
  • User Content – All content generated using the app
  • Personal Data – Personally identifiable information, such as first name and surname, address, and phone number
  • Usage Data – Data on how the user interacts with the app, such as how many times they’ve used it and what features they’ve used

An important detail we looked at is photo retention. Since these apps are centered around transforming photos, we looked at three variables:

  • Do they store photos?
  • How long do they store user photos?
  • Do they sell user photos?

With the methodology out of the way, let’s look at how invasive face-transforming apps can be.

Graph-Data hungry face-transforming apps


Aging apps

What they do: Aging apps show users what they’ll look like in a few decades. Some apps also offer the option to age backward, guessing what your face looked like when you were younger.

Popular apps (and the number of downloads in case that info is available):

Aging apps proved to be the most intrusive of all five app categories we investigated, with all eight apps tracking user location and usage data.

Table-What kinds of data do aging apps collect

Oldify collects the most data out of all the apps we studied, coming in second after TikTok and Snapchat — both of which are social media apps, not just photo-editing apps. Social media apps usually require more data to function correctly. Meanwhile, photo-editing apps shouldn’t require any more than access to a user’s camera and photo gallery. Oldify’s privacy policy states that it may also disclose personal data to its parent companies and subsidiaries.

When it comes to photo retention or sale, most of the aging apps stated they store the pictures either locally (a.k.a. on your phone) or on their servers. A few of them, however, don’t clarify how exactly they store user-uploaded photos.

Table-What do aging apps do with your photos

Aging apps gained popularity alongside FaceApp when posting “aged” photos became trendy on social media. Celebrities like Miley Cyrus, The Rock, and Gordon Ramsay participated in the “FaceApp challenge,” helping popularize these apps.


Gender-swap apps

What they do: Gender-swap apps let you see what you would look like as the opposite gender.

Popular apps (and the number of downloads in case that info is available):

Table-What kinds of data do gender-swap apps collect

When narrowing the list of gender swap apps, we sorted by popularity and rating in order to correctly identify the most downloaded apps in this category. As a result, we have two social media platforms on the shortlist: TikTok and Snapchat.

Unsurprisingly, the two scored high on data-tracking. TikTok collects data across all nine categories, while Snapchat collects all but a user’s financial info.

TikTok, which has raised privacy concerns in the past, stores user content indefinitely. Users under the age of 13 can request to have all their data deleted.

Snapchat, on the other hand, only stores “disappearing photos” until they are delivered to the intended recipient. Photos saved in Snapchat’s “memories” feature are stored until deleted by the user.

FaceApp, another popular application, has previously raised cause for concern. Considered a “Russian app,” its use has been warned against by the FBI, even though it collects less data than other apps, such as California-based Snapchat, for example.

Table-What do gender-swap apps do with your photos


Beautifying apps

What they do: Beautifying apps can alter face structure, add makeup, and even change your hair.

Popular apps (and the number of downloads in case that info is available):

Table-What kinds of data do beautifying apps collect
FaceTune is perhaps one of the most recognizable applications out there, having found a market in celebrities and influencers. The Israel-based editing app only deletes user photos after a user files a request.

Another beautifying app follows the same protocol: the Google-owned app Snapseed, which has over 100,000,000 downloads. Unlike the other apps on this list, Snapseed offers a full range of editing features, such as cropping and adjusting white balance, which explains its high number of downloads.

Beauty Plus is another app with user downloads in the hundred thousands, but it comes with an alarming feature: it uses facial recognition, although it claims that this technology can’t be used to identify anyone.

Despite users’ worries that beautifying or “digital plastic surgery” apps are ruining people’s body image, these apps remain incredibly popular. The Guardian reported that FaceTune sold over 10 million copies in 2017, making it Apple’s most popular paid app that year.

Table-What do beautifying apps do with your photos


Face-swap apps

What they do: Celebrity face-swap apps allow you to “become” your favorite celebrity, replacing their face with your own. These apps are known to have similarities to deepfake apps.

Popular apps (and the number of downloads in case that info is available):

Table-What kinds of data do face-swap apps collect
Face-swap apps don’t collect the most data out of the five app categories, but they still collect location information and browsing history.

On the plus side, these apps collect the least amount of personal data; only FACEinHOLE stated they acquire this kind of information.

Five of the eight apps we studied were made by US-based companies. In fact, three apps (FaceStar App, Facebrity: Face Swap App, and FaceOscar) were made by the same company: Visionborne, Inc.

FaceOscar doesn’t appear to have a privacy policy as of publication time. This isn’t a good sign, as it means its users have no way of knowing what kind of data this app saves and how it is used.

Table-What do face-swap apps do with your photos

Face-swapping has been a popular meme since before the advent of face-swap apps. However, the trend gained traction as social media apps offered a quick and easy way to swap faces without the use of Photoshop or other complicated editing tools.


Body-editing apps

What they do: Body-editing apps are mostly used to give users the “ideal” body shape by adding muscle, reshaping certain parts, or slimming down the body.

Popular apps (and the number of downloads in case that info is available):

Table-What kinds of data do body-editing apps collect

Together with face-swap apps, body-editing apps store the least amount of data. Similar to other applications, they don’t disclose how they process photos or how these photos are handled afterward.

These apps also still collect user location data. Only one app out of eight stated they don’t acquire this information, while one other app is unclear about whether or not they do.

Five out of eight apps are made by China-based companies, with four apps (Manly – Best Body Editor, Face & Body Editor: Everlook, BodyApp – Best Body Editor, Photable) belonging to the same company: Alpha Mobile Limited.

Table-What do body-editing apps do with your photos


Limitations of the Research

It’s worth noting that some of these apps could belong in more than one category. Snapchat and TikTok, for instance, offer different filters: one lets you swap faces with another person; another “gender-swaps” you from male to female, or vice-versa.

We retrieved information about the apps from the Google Play Store and the Apple App Store. However, we often found that the information about the apps was limited.

For this study, we took a sample of eight apps for each category, which may alter the real picture of the numbers if this was done across a larger scale. However, these apps are the most popular and therefore the most used — as such, we deemed these numbers most important.

On Google Play Store, some apps’ number of downloads wasn’t publicly disclosed, and Apple doesn’t publish the number of downloads per app at all. The approximate number of downloads was taken from Google Play Store.

Protect Your Data while Using Face-Transforming Apps

safetyIt’s easy to say we should stop using face-transforming apps, but sometimes, it simply can’t be avoided. Friends could insist on one of these apps to take selfies with you, or maybe you don’t want to miss out on future trends.

Is there a way to have fun with these photo-editing apps while still protecting yourself? Up to some degree, yes. Here’s what you can do to protect your data while using TikTok, Snapchat, FaceTune, and other apps.

1. Download reputable apps from official sources

When downloading any mobile app that handles a large amount of data (such as social media apps, food delivery apps, games), make sure that they are the official apps made by their respective companies.

Similarly, ensure you download only from official sources, like Google Play Store, Apple App Store, or the company or developers’ website.

Additionally, make it a habit to double-check the following information:

  • The app developer: Check to see if the app developer is legitimate. Some apps may be similarly named to the app you’re looking for; looking up the developer name should clue you in that you’re looking at the wrong app page.
  • User reviews: No app has only five-star ratings. If all the reviews are overwhelmingly positive, they may be fake reviews planted by the developer.
  • App release date: Generally, apps that have been around longer tend to be more stable and trustworthy. This isn’t true for all apps, however; some may no longer be in development, so make sure to check the date the app was last updated, as well.

2. Keep software updated

Keeping the software you use up-to-date is a no-brainer. Not only does this improve the overall experience you have with the app, but it also keeps your data more secure.

Apps often launch updates due to bugs and vulnerabilities they found upon testing, so always keep up with the newest updates on the software you use.

3. Use a VPN

VPN-connection-internet

Using a virtual private network (VPN) comes with many benefits, and one of the more prominent ones is guarding your privacy online.

With the help of a VPN, not only will you be able to hide your IP address (especially important if you’re using a public network), but you can also encrypt your data traffic, download files anonymously, and bypass government censorship, among other things.

VPNs are also useful for hiding your real location to safeguard you from apps that collect your location data. Note, however, that a VPN can only do so much. Apps that use GPS tracking will still be able to track your location, even if you try to mask your IP address or location.

We regularly review VPN services to determine which ones are the best at keeping your data secure, with ExpressVPN and NordVPN topping our list.

4. Limit the information on your social media

Whether it’s the Facebook-Cambridge Analytica scandal or the LinkedIn data “breach” (which turned out to be a scrape), social media has long been affiliated with data insecurity and misuse.

Many apps ask for access to your social media accounts or offer registration through your social media. To prevent your data from being accessed by third parties, minimize the information you provide on social platforms or opt-out of social media sign-in altogether.

If you’re looking to make registering and signing in to accounts easier, we have listed the five very best, highly-trusted password managers here.

5. Research the app and be mindful of permissions

Not everyone has the time to either research the company behind an app or go through its terms and conditions. However, a quick Google search and read-through of the apps’ permissions will only take two minutes of your time and may save your information in some cases.

Be mindful of what the app is for and what it’s asking to access; if the data they want isn’t necessary for the app to function, then this app may very well be unsafe. For instance, many food delivery apps collect lots of data, which does pose a slight security risk.

Data Privacy in the Age of Face-Transforming Apps

Face-transforming apps are widespread and popular, but that doesn’t mean we should stop being critical about how they handle our data. When hopping on new trends or having fun with your selfies, make sure to double-check how trustworthy an app is — and take extra steps to protect your online privacy.

As these apps collect all kinds of data — ranging from location data to a user’s phone contacts — make sure to always download from official sources, keep your apps up-to-date, use a VPN, and limit the information you post online.

Author
Cybersecurity Researcher
Arta is a content marketer and cybersecurity researcher that works on public relations and original research at VPNOverview. She's been in the marketing industry for a few years and is now focused on researching all aspects of online safety and security.
Author
News & Tech Editor
Nica is a news and tech editor at VPNOverview. She has an educational background in journalism and has worked in content marketing across several industries, including finance and cybersecurity.