Irish IT security experts sound alarm bells over popular FaceApp

Cheryl Sanders
July 21, 2019

This week the #FaceAppChallenge went viral on social media with users sharing their pictures after using its filter that adds wrinkles and grey hear to make them look old.

Putting in context the brewing FaceApp episode, cyber-security experts told TODAY that it is technically possible for any app to be collecting more data than it should, pointing out that this applies to extensively used apps such as Google and Facebook.

And here are Twitter's terms: "You grant us a worldwide, non-exclusive, royalty-free licence (with the right to sub-licence) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such content in any and all media or distribution methods (now known or later developed)".

It used an artificial intelligence-based imaging tool and required a user to upload a picture.

"App Annie data show that in ten days from July 9 to July 19, the application earned more than $ 1 million, and the majority of the money came from owners of Apple mobile devices who paid $ 746 thousand", the text says. "We don't sell or share any user data with any third parties".

Finally, according to Schumer, it is USA citizens and it is questionable whether data is passed on to third parties or even to foreign governments. The main reason why a photo might be uploaded to the cloud is to make sure that users do not upload the same photo repeatedly for every editing operation.

We asked David Choffnes, an assistant professor at Northeastern's Khoury College of Computer Sciences whose research includes designing solutions to internet security and privacy, to break down why users find the app so appealing, the risks associated with it, and measures we can take to protect our privacy online. The broad terms of service mean FaceApp developer Wireless Lab could use your face photos for anything from advertisements to facial recognition training. FaceApp also confirmed that the photos are stored in the cloud for editing and most are deleted within 48 hours. The app works similar to the photo filters integrated into Snapchat and MSQRD.

He said that people aren't thinking before they sign up to apps and often agree to terms and conditions without reading them. And even though the core R&D team is based in Russian Federation, the user data is not transferred to Russian Federation. Again though, this isn't uncommon with privacy policies.

US Senator Chuck Schumer (D-NY) called for the FBI to investigate FaceApp, a highly popular application that alters users photos. "Apps like Facebook and Instagram not only keep the photos and posts on the server, they also harvest metadata such as personal details, location details, user search behaviour, and the social networking map of each user", he said. It told TechCrunch that users can request to have their data deleted.

Still, caution is called as users give "more power" to malicious figures behind apps than those behind links, where phishing is a common mode of attack, he said.

Other reports by iNewsToday