News

FaceApp Challenge: Privacy experts voice security concerns about Russian aging challenge

FaceApp Challenge
FaceApp Challenge: Experts raise security concerns. Pic credit: Inside Edition/YouTube

Privacy and security experts are warning people about the ongoing viral FaceApp Challenge in which users add years to images of their faces on their smartphone using the AI-powered app.

The free service FaceApp uses AI to edit the photos on users’ phones and changes them into what users supposedly might look like decades from now. The app can also make other changes, such as add grey hair and beard.

The FaceApp Challenge quickly went viral with the #faceappchallenge trending on social media.

But experts are warning people, that although the FaceApp Challenge is fun, users might unknowingly be signing over rights to their own images to a Russian company. FaceApp is owned by Wireless Lab, a company based in St. Petersburg, Russia.

FaceApp Challenge warnings

Forbes reports that concerns were first raised earlier in the week when a developer named Joshua Nozzi took to Twitter to warn people that FaceApp could be accessing people’s phones, taking as many photos as it can find, and uploading them to the company’s servers without users’ permission.

French security research expert Elliot Anderson, whose real name is Baptiste Robert, investigated the app to find out where it was sending users’ images. He concluded that contrary to Nozzi’s suggestion that the app might be taking all photos on users’ phones and sending them to the company’s servers, it only took the photos that users had submitted.

Anderson also found that the company’s servers were not based in Russia, as some had claimed, but in the U.S. According to Forbes, it was not clear how much access the company’s employees have to the images uploaded to their servers or whether the processing was done exclusively on users’ phones or on the company’s servers.

Despite Anderson’s confirmation that the company’s servers are based in the U.S. and Australia, other security experts continued to warn users about the Russian company behind the app. The company first became visible in 2017 and currently has more than 80 million users worldwide.

Experts have drawn attention to the details of the company’s privacy policies, saying that users could be unwittingly signing over control on how their images are used and how and where they are stored.

FaceApp CEO responds to security questions

The company’s CEO, Yaroslav Goncharov, has tried to allay fears, saying that there are no issues with their privacy policy. He said that FaceApp only uploads photos that users submit for editing and that they never upload any other images from users’ phones.

He said that the company stores uploaded photos in the cloud in order to optimize performance and save users the need to upload their submitted photos each time they want to do an editing operation. He added that most of the photos uploaded to their servers were deleted within 48 hours.

Ralph Walsh, a digital privacy expert, told Yahoo! News that the company has an invasive privacy policy that gives it full rights over users’ data, including permission to use and upload photos and users’ “persona and voice” for any reason now and in the future. He warned that the permissions were very broad and wide-ranging and that it should concern users, especially in the era of deep-fake technology, which involves the use of AI-powered software to create fake but realistic videos of people.

Walsh warned people to be wary of apps that could end up harvesting and transmitting their sensitive data without their knowledge. As an example, he mentioned an app called Meitu that came out in 2017 that allowed people to turn their selfies into Manga characters. According to Walsh, it was later found that the app was transmitting sensitive data back to servers in China.

Your face is copyrighted

“Your face is now a form of copyright where you need to be really careful who you give permission to access your biometric data,” security expert Ariel Hochstad told the Daily Mail. “If you start using that willy nilly, in the future when we’re using our face to access things, like our money and credit cards, then what we’ve done is we’ve handed the keys to others.”

Other privacy experts posted an excerpt from FaceApp’s terms and conditions to Twitter, pointing out that it essentially gives the company a perpetual and irrevocable right to use, adapt, modify and publish images that users submit.

It also allows the company to “publicly perform and display your User Content and any name, username, or likeness provided in connection with your User Content in all media formats and channels now known or later developed.[sic]”

Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments