Emerging Threats

FaceApp goes viral and raises privacy worries: What you need to know

Is FaceApp fun or folly?

If you download this Russian app, you can “age” your face — but media reports have warned you may also be surrendering access to your privacy.

Here’s the issue: To download the FaceApp, you’re required to agree to the app maker’s privacy terms. In this case, the privacy terms seem vague. That’s raised the possibility that the app may be able to access all your photos and some personal data, including your location and IP address — and use it ways you might not want.

The FaceApp application is a reminder that it’s smart to be careful whenever you agree to privacy terms before you download an app. (See tips below.)

FaceApp background: What happened?

If you’ve been living under a rock in recent times, then you probably haven't heard about the FaceApp challenge, where social media users upload images of themselves that have been digitally aged using a selfie-editing tool called FaceApp. Celebrities, politicians, sports professionals, everyone is getting in on the action.

However, when software developer Joshua Nozzi recently warned people to “BE CAREFUL WITH FACEAPP… it immediately uploads your photos without asking, whether you chose one or not,” a media frenzy ensued with people claiming the app uploads the entire camera roll, as well as other sensitive info.

Matters were made worse when people figured out that the app was developed in Russia. “The app that you’re willingly giving all your facial data to says the company’s location is in Saint-Petersburg, Russia,” tweeted the New York Times writer Charlie Warzel.

If you uploaded your photo to FaceApp, should you worry about your privacy?

Are the privacy risks of the FaceApp as great as some news reports suggest?

Maybe not.

A French security researcher who uses the alias Elliot Alderson decided to check if any of the claims were true. Alderson found that FaceApp only uploads the pictures users decide to edit using the app and found that the only other data it grabs is the device ID and device model.

Soon afterward, Nozzi deleted his original tweets warning people about the app and Warzel also deleted his tweets referring to where the app was developed.

In addition, FaceApp recently began notifying users of the app that their photos will be uploaded to a remote server each time they take a picture.

Alderson’s findings should go some way toward easing people’s fear of FaceApp, but it’s worth noting the app’s terms of service state FaceApp can use your photos any way it sees fit.

While this is worrying, it’s not greatly different from what other apps, including those from some well-known U.S.-based tech firms, also do.

Tips: What to consider before downloading an app

With that in mind, here are a few tips to help protect your privacy as you consider downloading any app.

Read the privacy policy

What’s in the app’s privacy policy? It’s smart to find out what information the app collects and shares with third parties, and how your data is stored and secured. Before you accept a policy, read it to make sure you’re OK with the policy.

Protect your personal information

Check what personal information you’re allowing an app developer to access. Often, “free” apps seek to pay their costs by mining your personal data and selling it to third parties.

Recognise the privacy risks in data collection

Data collection is big business. The data you provide when you download an app, surf the internet, or update your profile on a social media platform can be aggregated and sold. It’s a good idea to limit the amount of information you share. Some privacy organisations even suggest providing inaccurate information to a website — like a false date of birth — if you’re not providing it for official purposes.

I used FaceApp. What can I do now?

If you used FaceApp, you have limited options regarding the data you provided.

Washington Post reporter Geoffrey Fowler wrote a news article about an email exchange with FaceApp CEO Yaroslav Goncharov. Here are three key points from that article:

  • Deleting the app won’t get rid of the photos FaceApp may have in the cloud.
  • You can put in a request to delete all data from FaceApp’s servers, Goncharov said.
  • Goncharov said, “For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line.”

You’ll have to decide for yourself if contacting FaceApp and trying to delete your data is a good idea. 


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.