If you’ve been on Instagram or Twitter in the last few days, you must have seen some wrinkly old photos of celebs popping up in your feed with the hashtag #AgeChallenge. That was a glance of the internet’s latest viral obsession—the FaceApp challenge. The gist of it is that you upload a photo of yourself on an application called FaceApp and the app will render the realistic aged version of yourself using artificial intelligence. Though FaceApp was launched in 2017, it grabbed the headlines recently when the FaceApp challenge took social media by storm.
The social media challenge kicked off last week and rode a rollercoaster of reactions with celebrities lobbying this challenge at each other. People around the world started sharing eerily realistic photos of what they may look like when they are old and grey on social media. Even celebrities from Piers Morgan to Drake and the Jonas Brothers and other influencers also jumped on this bandwagon.
However, the internet caught a fire when a Twitter user, Joshua Nozzi posted about the potentially murky consequences of uploading photos into the app. The tweet by the developer evoked a question in everyone’s mind that “what exactly happens to those photos we upload? His experience with the FaceApp involved some suspicious loading issues which made him believe that the app was downloading his entire photo library. This tweet was understandably alarming for anyone who has sensitive pictures in their camera roll.
The surge sparked calls for caution and a number of claims came to the forefront that the app might be secretly stealing your phone’s data and giving it back to Russia for some nefarious project. Now people are talking about the privacy concerns the app poses and if it is true, then millions of people may have unconsciously exposed their data to a surveillance state.
A Glance at Faceapp’s Background and Terms of Service
Wireless Lab, the company behind FaceApp is based out of St. Petersburg, Russia and headed by an ex-employee of Yandex, Yaroslav Goncharov. While the bulk of the concerns are based around the fact that the app is made by a Russian company, another potentially problematic wrinkle to the access issue that raised a growing number of privacy concerns is its sketchy terms of service agreement. Section 5 of the terms of service of the app declares that the company holds “perpetual, irrevocable” rights over its users’ app-generated photos. Though such kind of content ownership is pretty standard, FaceApp’s terms of service are particularly vague as its privacy policy gives it the ability to access all the information sent by your device including the websites you visit, your photos, and more to improve its services. Concern escalated further when people came to know that rather than processing the data right there on a person’s phone, FaceApp creates its identity-morphing images by uploading the photos to cloud servers.
The FaceApp Controversy: The Fact and Fiction
A lot of eyebrows were raised against this trendy app when an app developer, Joshua Nozzi tweeted that FaceApp was uploading troves of photos from people’s smartphones without their consent.
However, when a French cyber-security researcher got into the root of Mr. Nozzi’s claims, he didn’t find any evidence of something shady afoot. He downloaded the app and checked where it’s sending users’ data and found out that it only takes submitted photos back up to company servers.
And those servers are based in Amazon data centers in the U.S., not in Russia. FaceApp’s CEO Yaroslav Goncharov told that the app’s photo processing occurs on Amazon and Google cloud platforms, which are mostly U.S.-based tech platforms while some servers are also hosted by Google across other countries, including Ireland and Singapore.
Others have also speculated that FaceApp may use the data collected from the user’s device to train facial recognition algorithms. Even if the photos are deleted, the measurements of features on a face can be extracted and used for such purposes. But the company has directly denied uploading any photos from users’ phone other than the ones they select to edit and it said it doesn’t sell or share data with any third party but temporarily stores images in the cloud for 48 hours for performance reasons.
So, does this mean it is completely safe? Should we feel free to partake in the FaceApp challenge without worrying about our privacy? Well, not exactly. Although security researchers have found no evidence that indicates something underhanded is happening with the app, the privacy questions surrounding FaceApp are still a cause for concern due to some reasons.
FaceApp Privacy Concerns
Aside from the Russia connection, there are other real possibilities of threats that become a cause of concern for the FaceApp users. As users upload their close-up and well-lit images, it can be a source of a huge hoard of facial data for emerging illicit markets that use face images to gain access to bank accounts. Research shows such images can also be used to crack the facial identification systems used to secure some smartphones.
The facial data can be used by hackers to break into bank accounts. With institutions increasingly relying on facial identification to secure bank accounts, cryptocurrencies, and international borders, such huge databases of selfies on the app can serve as a treasure trove for scammers to conduct identity theft. There is huge traffic of offers on the dark web to create fake IDs and the verification of identity involves images of our faces.
If they access your images, it won’t be that difficult for them to triangulate, verify and add more data such as your education and work history from sources like LinkedIn and create an annotated image record of you as a human. You may argue that similar risks can also exist with other apps like Instagram or SnapChat that uploads our photos, but FaceApp stands out because it persuades people to take ID-style photograph. If scammers can get hold of a suitable, front-facing photo of a person by gaining access to a giant database of selfies, they could easily bypass authentication protocols using those photos. They can also weaponize the data in a cyber-attack or a propaganda campaign.
Another gray area highlighted by multiple tech reporters is that as per the company’s privacy policy, the user data can be processed in the US or any other country in which FaceApp service providers maintain facilities. And whether any of this data is ever stored or mirrored back to servers in Russia is still unknown.
The Bottom Line
Whether the FaceApp privacy controversy was a tempest in a teapot or a real privacy scandal is not yet crystal clear. But one thing is certainly true: as much as people talk about the value of privacy, most of us are remarkably lazy when it comes to giving attention to the terms and conditions of an app. How many of us attentively read the privacy policy of any app? And how many of us really understand how our data is being used? In the case of FaceApp, people were shocked to know that some of their photos were not being deleted from the server even after 48 hours.
Apparently, most of us really don’t care until someone points out that something terrible might be happening. We know it’s easy to breeze past those long privacy policies of the app before downloading it, but the sooner we start paying attention, the sooner we can safeguard our data. So, the bottom line is whether or not to trust the app is up to you. If you’re uncomfortable with the way the app stores your images, don’t use it. Is a peek into the future worth your privacy in the present? Just think about it and make the right decision.