Security experts are warning that FaceApp ?— a smartphone app developed by a Russian company in 2017 that takes your picture and transforms it ?— may have access to every single photo on your phone.
Concerns have been raised around a questionable clause in the user agreement of the app that states that FaceApp can access, store and use images from your phone’s camera roll – even without your permission.
FaceApp uses artificial intelligence to alter the appearance of people in the photos that users submit, transforming them into their elderly versions. It can even use its AI to change their hair color, give them beards, swap genders and make them look younger.
From the time it was released, around July 2017, FaceApp has been downloaded onto smartphones all over the world over 12.7 million times. It became extremely popular thanks to a viral trend where people would post the older versions of themselves that FaceApp created onto social media websites. Celebrities all over the world also joined in on the fun, contributing to the spread of the app.
This surge in its popularity, however, may have been what convinced privacy experts to take a closer look at the app’s terms and conditions. (Related: Facebook app monitors users’ posts to track and report their emotions.)
According to James Whatley, a strategist for Digitas UK, a digital marketing company, to use the app, users have to give it permission to use, modify, adapt and publish any images that they give to its AI to alter.
Whatley posted an excerpt of the terms and conditions of the app online, which reads: “You grant FaceApp a perpetual, irrevocable… royalty-free… license to use, adapt, publish, distribute your user content… in all media formats… when you post or otherwise share.”
This means that FaceApp is allowed to use your name, username and “any likeness provided” in any media format, as well as use them for promotional and commercial purposes ?— like plastering your face onto a billboard or including your likeness in an online ad ?— without having to compensate you. If you complain, they won’t have any obligation to take it down and even if you delete the app, they will still have the rights to any picture you provided.
Furthermore, if the user uses Apple’s iOS platform, FaceApp may be able to have access to photos on their phone’s photo library even if a user has set photo permissions to “never.”
Responding to the criticism, FaceApp released a statement, stating that it only uses photos that users have specifically selected for their AI to edit and that security tests have shown that there is no evidence that their app uploaded a user’s entire camera roll anywhere online.
Furthermore, FaceApp admitted that while it does store the photos users have chosen to upload to cloud storage networks, the images are only stored there for a short period of time. “Most images are deleted from our servers within 48 hours from the upload date,” FaceApp said in their statement. According to FaceApp, this is done for “performance and traffic,” such as to make sure that a user doesn’t accidentally upload the same photo.
It further tried to ease tensions by saying that user data is neither being sold to third parties nor “transferred to Russia,” despite the fact that the company’s research and development team is located in that country.
Steve Sammartino, a business technology expert, told reporters that people need to be careful when using FaceApp and other apps similar to it.
“Your face is now a form of copyright where you need to be really careful who you give permission to access your biometric data,” said Sammartino. “If you start using that willy-nilly, in the future when we’re using our face to access things, like our money and credit cards, then what we’ve done is we’ve handed the key to others.”