FaceApp went viral again on Monday thanks to Drake and many of your favorite rappers, who used the fun app to digitally age themselves in the #FaceAppChallenge.
But the viral photos of our favorite stars in their later years has set off a huge debate in the digital security community about whether it is safe to upload your photos. Some have said its completely harmless and nothing in FaceApp is worse than anything Google, Facebook and Amazon aren't already doing with your data.
While eagle-eyed researchers have debunked many of the most outlandish claims — like those that said the Russian government would have direct access to your entire photo library if you used the app — cybersecurity analysts still say users should be wary about uploading photos to FaceApp because of its expansive terms and conditions.
"You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you," FaceApp says in its terms of service.
Super worth trading all your personal information to a Russian company for the opportunity to turn your face 20 years older. What a deal!! #FaceAppChallenge
pic.twitter.com/SYgWFsamug— Roy White III (@RDubThree) July 17, 2019
FaceApp now has 80 million users, and dozens of celebrities have Tweeted or posted photos of themselves with wrinkles and grey hair.
People were initially worried about the app because they were reminded, as they were when the app was created and went viral in 2017, that it was made by Wireless Lab, a small company based in Russia.
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) — see their Terms: https://t.co/e0sTgzowoN
pic.twitter.com/XzYxRdXZ9q— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
Many popular apps and programs are made in Russia, but concerns have been raised since the 2016 election, where the Russian government used data taken from harmless Facebook quizzes to target American populations with disinformation and false advertising. The now-shuttered Cambridge Analytica used data from a Facebook personality quiz — titled "This Is Your Digital Life" — to gain third-party access to a Facebook user's call logs, text logs and location information as well as that same information from a user's friend circle.
Additionally, the U.S. government has said countries like China and Russia leverage companies within their borders to hand over information they get from users abroad, a troubling practice that has prompted a number of international scuffles over privacy policies.
FaceApp came out on Wednesday with a six-part statement disputing any claims that their app is not safe.
BREAKING: Most of your fears about Face App are bunkum. The app's developers have released a statement answering key questions pic.twitter.com/xj9AvEwVXC
— Chris Stokel-Walker (@stokel) July 17, 2019
"FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date," the statement said.
"All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person. We don’t sell or share any user data with any third parties. Even though the core R&D team is located in Russia, the user data is not transferred to Russia."
The developers specifically addressed the claim that your entire photo library is uploaded to their servers, writing that they "upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.”
FaceApp said they are accepting requests from users to remove all of their data from their system but that currently their system is overloaded with people asking for it. To put in your own request, users are advised to go into the app's Settings and hit "Support->Report a bug” with the word “privacy” in the subject line.
Although most fears have been calmed, some analysts say people should still be worried as more and more systems opt to use your face as a password for your personal information.
Technology expert Steve Sammartino told the New York Post that “your face is now a form of copyright where you need to be really careful who you give permission to access your biometric data.”
“If you start using that willy-nilly, in the future when we’re using our face to access things, like our money and credit cards, then what we’ve done is we’ve handed the keys to others,” he said.
Robert Siciliano, security awareness expert at Safr.Me. had similar things to say in an interview with MarketWatch.
“There has been a lot of worry regarding Russian-based companies whose hands are being forced by the Russian government [when] they require a backdoor access to the companies’ data and servers,” Siciliano said.
“Any app gathering data points that could lead to facial recognition should be of concern especially when it’s being used by government agencies, foreign companies or foreign intelligence.”
FaceApp was initially criticized heavily when it first came out for releasing different "race" filters that lightened people's skin and allowed people to change their faces different colors, amounting to what many called "digital blackface."
