The FaceApp App Poses Security Risks, Security Experts Said

Have you ever wonder how you'll look when you get older? Like ten, fifteen, or twenty years from now? FaceApp can answer that.

With AI the app uses, it can 'automagically' alter users' photos by making them younger or older. Even more, the app can also make a frowning face smile, styling the appearance, and even change gender. This prompted the #FaceAppChallenge which spread and became a trend on social media networks.

For many reasons, it's great and fun to use.

And given by its immense popularity, it has become one of the fastest growing app out there on the market.

FaceApp was created by developers at Wireless Lab based in St. Petersburg, Russia, launched on iOS in January 2017 and on Android in February 2017. Using AI, it's aim is to leverage the technology to automatically generate highly-realistic transformation of faces in users' photos.

And according to security experts, there are issues:

First of all, the experts said that the app is giving Wireless Lab an unlimited access to users' camera rolls.

According to the terms and conditions that users must agree before using the app, the company has the rights to modify, reproduce, and publish any of the images users manipulate using the software.

"You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you," the terms state.

In security and privacy perspective, the case goes worse as Wireless Lab can still use users' photos when the users have uninstalled the apps.

And because the app uploads users' photos to the cloud, where they are edited, before sending them back to the users, this essentially makes FaceApp different from other photo editors.

Agnezmo - FaceApp
Indonesian singer-songwriter Agnes Monica, sharing her FaceApp. (image: Instagram @agnezmo)

According to Ariel Hochstadt, a security expert from the vpnMentor, the above abilities allow the company to easily identify the users, and/or to then connect their photos with other information the company may have about them.

"They also know who this image is, with the huge DB they created of FB accounts and faces, and the data they have on that person is both private and accurate to the name, city and other details found on FB," he explained.

Eventually, this opens possibilities for those who got to hold of that data, to maliciously use them to gain access to banking websites, and/or use credit cards without the owners' consent.

FaceApp has met several controversies in the past.

For example, it had a 'hot' transformation filter which received criticism and accusations of racism, because it lightened the skin color of black people and made them look more European. FaceApp briefly renamed it to 'spark' before finally removing the feature.

The app also met controversies and criticisms when it featured "ethnicity filters" which depicted "White", "Black", "Asian", and "Indian", that before the app finally removed the filter.

Following the security concerns people worry, the company's founder, Yaroslav Goncharov, tried to ease the tension by saying that user data and uploaded images were not being transferred to Russia but instead processed on servers running in Google Cloud and Amazon Web Services.

BuzzFeed News later reported that FaceApp doesn't really send users' camera roll to its servers. According to its research, the app only uploads what's necessary, which includes the photo taken, to its servers, and more likely nothing else.