FaceApp – is it safe to use and how does it handle my data?

The ‘FaceApp Challenge,’ where users upload a picture of themselves to an App to see how they would look artificially aged by 30 years, became a viral sensation in July 2019, with 12.7 million new users downloading the app in the space of two weeks and 80 million active users.

However, as the app’s popularity soared, so did concerns about the lack of privacy and security of the data it was collecting. These worries stem from the view that the company behind the app takes a cavalier approach to users’ data. Critics also claimed that because the app was uploading images to the cloud, when it could have processed the data locally on a user’s smartphone or tablet, the app was being used as a front to create a database of images and train AI facial recognition software.

The owner of the App, Yaroslav Goncharov, has since said that ‘most photos uploaded are deleted within 48 hours’ and that the company ‘never transfers any other images from the phone to the cloud.’ Cyber-security researchers have also confirmed there are other reasons FaceApp would want to use the cloud, namely that this makes it harder for FaceApp’s competitors to see how its algorithms work. Thus, allowing FaceApp to retain their competitive advantage.

Accessing your library

Nonetheless, as some users rightly pointed out, the app allows you to pick and use photos without giving it access to your photo library. Given how many screenshots people take of sensitive information like banking statements, this level of access could be a big security risk. However, it’s important to note that this is not against Apple’s privacy policy as of iOS 11. This is because when choosing a photo for FaceApp, you explicitly tap one image, which, in the eyes of Apple, signifies user intent. This gives the app only that one photo, meaning you don’t have to provide access to the entire library.

So, don’t panic if you have your access preferences saved as ‘Never’. It may seem that FaceApp can bypass this, but only the one photo you choose to edit will be added to the app’s server.

Protecting your privacy

If you are concerned by the app’s privacy terms, it is worth noting that many other apps, such as Twitter, have the same privacy conditions. You can view these at any time via settings on your phone or tablet to see exactly what information you are giving away. What’s more, the privacy policy of the app states that FaceApp cannot rent or sell your information to third parties; although FaceApp can use photos for their own commercial purposes, such as advertisements.

If you want to take additional measures to protect your privacy, you can request your personal data be deleted. You can do this by going to settings > support > report a bug. Then use the word “privacy” in the subject line message.

Bypassing fake apps

One of the biggest threats that has stemmed from the ‘FaceApp challenge’ has come from the number of copycat fake apps that have appeared in the Apple and Google Play stores. These apps often contain malicious software and can be used to scam users into paying for premium services that amount to nothing. In fact, according to researcher Lukáš Štefanko, there were 200-thousand stories online in July about the fake app ‘FaceApp Pro’, which included malicious links and were clicked over 90,000 times.

It is important to be vigilant when downloading anything from the app store to ensure it is really the official version. Apps that masquerade as the original pose a whole host of cybersecurity risks that you need to protect yourself against.

If you found this post useful check out our other posts on app security: