Over the past few days there has been a surfeit of pictures posted on social platforms, especially Facebook, of their mugshots– from the present and how they would look in the future. In fact, one of the images that went viral over WhatsApp was a meme of the Indian cricket team in 2050, with the likes of Virat Kohli and MS Dhoni still playing.
For the uninitiated, the app which went viral again on the iOS platform after having done so two years ago, provides users with the power to change their facial expressions, looks and see how they are likely to age in the future. Which explains the sudden flurry of activity over social platforms with users twisting the features of global leaders.
The app, developed in St. Petersburg, Russia, using a photo-realistic face-morphing technology built around neural networks, has once again raised questions over the security of data residing in Apple phones with US Senator Chuck Schumer calling on the FBI to investigate amidst reports that it has access to data from 150 million people across the world.
Users in the United States are questioning the legitimacy of the app, given that it requires users to login via Facebook, collects data related to the name, profile pictures, photographs and email details, with the company ambiguously stating that such data could be shared with its “affiliates”.
using a network traffic analyzer, I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur.— Will Strafach (@chronic) July 17, 2019
here is marlo stanfiekd with a beard though pic.twitter.com/6wy8cHLNuA
The immediate threat relates to all user photos getting uploaded on to the app, though security researcher and Guardian App CEO Will Strafach refuted this claim. However Geoffrey A. Fowler, technology editor at the Washington Post, believes that the app does in fact share data with other applications.
In his article, Fowler says that the app shared data from his phone with Facebook and Google AdMob, which probably helps it place ads and check their performance. “The most unsettling part was how much data FaceApp was sending to its own servers, after which… who knows what happens.”
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you…”
So, be warned that photos shared via FaceApp may find their way into some other servers, and eventually onto a pornsite, or maybe a billboard in some other country.
The app has a history of launching features and then removing them. Two years ago, it allowed ethnicity filters allowing users to change their faces and check how you’d look if they were black, Caucasian, Chinese or Indian. Of course, the developers removed this filter after user protests and media outrage, after which the app disappeared.
Now that it has resurfaced, FaceApp gets users to give it permission to access user photos, besides possibly gaining access to Siri and Search on the iPhone. There is also the possibility that it is refreshing itself in the background which means that it is using your data even when you aren’t actually using it.
BIG: Share if you used #FaceApp:— Chuck Schumer (@SenSchumer) July 18, 2019
The @FBI & @FTC must look into the national security & privacy risks now
Because millions of Americans have used it
It’s owned by a Russia-based company
And users are required to provide full, irrevocable access to their personal photos & data pic.twitter.com/cejLLwBQcr
In the iOS version, there is a minor saving grace whereby if iPhone users have set Photo Access status to Never, the app wouldn’t be able to get to the photo library. Users would then need to give permit the app by choosing a specific photograph.
What continues to be unclear is whether this photo gets processed in the cloud and whether the app retains the image on their servers.
There is also the possibility that the app doesn’t do anything nefarious today but is silently capturing all sorts of data- including screenshots of bank account data on the user’s most personal device.