‘Old Face Filter’ FaceApp Sets Off Security Alarms

Let’s face it, the suddenly viral FaceApp is a personal data harvesting operation run by a Russian tech company.

Image: FaceApp

Your social media feed has likely been jammed with a fresh new fad called FaceApp, a seemingly innocuous little smartphone game where you take a picture of yourself and Artificial Intelligence then shows what you’d look like as an old person. But security experts around the world are sounding the sirens about some very serious privacy problems about this app developed and operated by a Russian tech company.

Let’s start with the big one: FaceApp will access your entire photo library, and as noted above, that means location data and the time the image was taken, too. The company says in a response to TechCrunch that “We only upload a photo selected by a user for editing” and “We never transfer any other images from the phone to the cloud.”

Users are finding this answer to be kind of an evasion. While FaceApp only uploads the photo you select to their cloud server, they still have access to your entire camera roll, and every piece of metadata associated with it. As TechCrunch also addressed, FaceApp is not uploading your entire camera roll to their cloud servers, but they can access even photos even if you’ve set your permission to not allow this.

More trouble lies in the FaceApp’s terms of service, which are far more invasive than the industry standard. How trustworthy do these words sound?

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you,” the terms say.

This doesn’t means FaceApp owns your photos, it just means they have permission to do literally anything they want them. So don’t be surprised when you see your face in a Donald Trump 2020 ad.

And it is not unreasonable to be suspicious since FaceApp is a Russian creation based in St. Petersburg. Forbes confirmed the company’s servers are not in Russia, but instead in the U.S. and Australia. Still, Russian employees and staffers can access anything on those servers. And the Kremlin has unusual control over Russian tech companies as they increasingly try to infiltrate U.S. tech firms.

Tech types will inevitably make the argument that all apps collect your data, so we should just abandon any form of caution and blindly tolerate and trust any app. But remember the Cambridge Analytica scandal, the Facebook breach of 30 million accounts, and the Ashley Madison hack. Even the top tech firms allow our data to fall into the wrong hands. Some people are digging on the new app that shows you what you look like in 40 years, but reminding people the security risks of these things is getting old.

View Comments