FaceApp, a Russia-based app that applies filters to photos, is having another moment in the spotlight this week. The app first went viral in 2017, but this time it’s catching on because of a filter that makes users look older or younger.
As with the last viral moment, however, users have been surprised to learn that the app’s creators are harvesting metadata from their photos.
Close research suggests FaceApp isn’t doing anything particularly unusual in either its code or its network traffic, so if you’re worried about FaceApp, there are probably a bunch of other apps on your phone doing the same thing. Still, the conversation does bring attention to standard tech practices that might be more invasive than users realize.
Christ, I don’t wanna get old pic.twitter.com/uf1oDguvd8
— Tom Warren (@tomwarren) July 16, 2019
Theoretically, FaceApp could process these photos on the device itself, but Yaroslav Goncharov, an ex-Yandex exec and CEO of the Russian company that created the app, previously told The Verge that photos uploaded to the app are stored on the company’s servers to save bandwidth if several filters are applied and that they get deleted not long after. In a statement to TechCrunch, FaceApp said it accepts requests from users to remove their data from its servers. The team is currently “overloaded,” but users can send the request through Setting>Support>Report a bug with the word “privacy” in the subject line.
using a network traffic analyzer, I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur.
here is marlo stanfiekd with a beard though pic.twitter.com/6wy8cHLNuA
— Will Strafach (@chronic) July 17, 2019
Another potential privacy issue people have taken note of is that the company’s privacy policy incorporates broad language that allows it to use people’s usernames, names, and likeness for commercial purposes. Lawyer Elizabeth Potts Weinstein also says the policy isn’t GDPR-compliant. Still, while this isn’t great, users often agree to wide-ranging policies that specifically use abstract language (a great way to avoid a lawsuit!). And they have no say in the matter; either they use the service or they don’t. FaceApp says it doesn’t sell user data to third parties.
I am not seeing much fishy in FaceApp
Photos are uploaded to FaceApp's servers on AWS w/ authorization. Not much info is being sent to FaceApp's servers other than user metrics (e.g. ui interactions)
I just wish there's an option for users to delete their photos from the server
— Jane Manchun Wong (@wongmjane) July 17, 2019
Similar claims could be made for apps based in China or even the US, but it doesn’t make the exposure any less troubling. Still, the FaceApp conversation is a worthy one to have; people should think about how their data is being used before sharing it with an unknown app.
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) — see their Terms: https://t.co/e0sTgzowoN pic.twitter.com/XzYxRdXZ9q
— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
Credits: Fortune