FaceApp goes viral and raises privacy worries: What you need to know

Image

If you download FaceApp, you can “age” your face — but possibly give up your privacy. Learn more.


Is FaceApp fun or folly?

If you download this Russian app, you can “age” your face — but media reports have warned you may also be surrendering access to your privacy.

Here’s the issue: To download the FaceApp, you’re required to agree to the app maker’s privacy terms. In this case, the privacy terms seem vague. That’s raised the possibility that the app may be able to access all your photos and some personal data, including your location and IP address — and use it ways you might not want.

The FaceApp application is a reminder that it’s smart to be careful whenever you agree to privacy terms before you download an app. (See tips below.)

FaceApp background: What happened?

If you’ve been living under a rock in recent times, then you probably haven't heard about the FaceApp challenge, where social media users upload images of themselves that have been digitally aged using a selfie-editing tool called FaceApp. Celebrities, politicians, sports professionals, everyone is getting in on the action.

However, when software developer Joshua Nozzi recently warned people to “BE CAREFUL WITH FACEAPP… it immediately uploads your photos without asking, whether you chose one or not,” a media frenzy ensued with people claiming the app uploads the entire camera roll, as well as other sensitive info.

Matters were made worse when people figured out that the app was developed in Russia. “The app that you’re willingly giving all your facial data to says the company’s location is in Saint-Petersburg, Russia,” tweeted the New York Times writer Charlie Warzel.

If you uploaded your photo to FaceApp, should you worry about your privacy?

Are the privacy risks of the FaceApp as great as some news reports suggest?

Maybe not.

A French security researcher who uses the alias Elliot Alderson decided to check if any of the claims were true. Alderson found that FaceApp only uploads the pictures users decide to edit using the app and found that the only other data it grabs is the device ID and device model.

Soon afterward, Nozzi deleted his original tweets warning people about the app and Warzel also deleted his tweets referring to where the app was developed.

In addition, FaceApp recently began notifying users of the app that their photos will be uploaded to a remote server each time they take a picture.

Alderson’s findings should go some way toward easing people’s fear of FaceApp, but  it’s worth noting the app’s terms of service state FaceApp can use your photos any way it sees fit. 

While this is worrying, it’s not greatly different from what other apps, including those from some well-known U.S.-based tech firms, also do.

Tips: What to consider before downloading an app

With that in mind, here are a few tips to help protect your privacy as you consider downloading any app.

Read the privacy policy

What’s in the app’s privacy policy? It’s smart to find out what information the app collects and shares with third parties, and how your data is stored and secured. Before you accept a policy, read it to make sure you’re OK with the policy.

Protect your personal information

Check what personal information you’re allowing an app developer to access. Often, “free” apps seek to pay their costs by mining your personal data and selling it to third parties.

Recognize the privacy risks in data collection

Data collection is big business. The data you provide when you download an app, surf the internet, or update your profile on a social media platform can be aggregated and sold. It’s a good idea to limit the amount of information you share. Some privacy organizations even suggest providing inaccurate information to a website — like a false date of birth — if you’re not providing it for official purposes.

I used FaceApp. What can I do now?

If you used FaceApp, you have limited options regarding the data you provided.

Washington Post reporter Geoffrey Fowler wrote a news article about an email exchange with FaceApp CEO Yaroslav Goncharov. Here are three key points from that article:

  • Deleting the app won’t get rid of the photos FaceApp may have in the cloud.
  • You can put in a request to delete all data from FaceApp’s servers, Goncharov said.
  • Goncharov said, “For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line.”

You’ll have to decide for yourself if contacting FaceApp and trying to delete your data is a good idea. 

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.