FaceApp has made a huge comeback in recent weeks with its AI face-morphing features attracting celebrity figures like Drake, Jonas Brothers and even Gordon Ramsay. But with the free app offering some dubious privacy agreements, experts are warning users to think twice before uploading their face to it.
— fawn???? (@fawnilu_) July 17, 2019
The app first starting making the rounds in 2017 when the app offered multiple filters for users to morph their image, including age, gender, "beauty" and ethnicity, although latter was removed after being criticised for being "digital blackface".
Battle lines are being drawn. In the red corner, we have the Search Giant of Mountain View - Google. In the blue corner, coming from Cupertino we have the Fruitiest Computer of All - Apple. The two companies have launched a war of words over your data and how Apple is making privacy a 'luxury item'. Is that true?
So, how does FaceApp work?
FaceApp's website describes it as a 'neural face transformation filter' and offers to transform your face using AI "with just one tap." It uses "deep generative convolutional neural networks" to modify aspects of your face while maintaining a photo realistic look. It can turn your frown upside down, it can preview you at old age and it can make you look younger. Because of its realism, it's going viral on social media and memesters are coming out in full force.
— Miley Ray Cyrus (@MileyCyrus) July 17, 2019
— ???? (@avengermemes) July 17, 2019
Why are there privacy and security concerns?
You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.
The important thing to note is your face, or at least the photo you uploaded, is now owned by FaceApp and they can do with it what they like.
FaceApp CEO Yaroslav Goncharov has denied allegations FaceApp is using uploaded images for anything other than the app, said in a statement, that most images are deleted within 48 hours.
"FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud," Goncharov said in a statement.
"We might store an uploaded picture in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn't upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date."
Rick McElroy, Head of Security Strategy at US cybersecurity firm Carbon Black, warned users need to read agreements like this to make sure they know where their images and information are being shared.
"FaceApp serves as an important reminder that free isn't free when it comes to apps," he said in a media release.
"The user and [their image] is the commodity, whether sold for purposes like marketing or more nefarious things like identity theft and creation of deep fakes. Don't use apps that need access to all your data and be sure to read the End User License Agreements to ensure the app gives users some sort of control and protection based on where the data is stored and processed."
It's easier said than done. Every app is bound to have complicated end user agreement, but websites like ToS;DR can help you sift through them in between.
What should I do if I'm concerned?
If you're truly concerned, the best thing to do is avoid downloading and using the app. If it's too late, simply revoke the app's rights to access your camera roll and delete the app from your phone. Goncharov has also offered a way to ensure your image is deleted from the app by heading to Settings > Support > Report a bug and then adding "privacy".
There are some who've suggested the Russian developers, Wireless Lab, are using the app to mine US biometric data for the Russian government. Lifehacker Australia has reached out to Carbon Black's McElroy to comment on this allegation and will update accordingly.
While FaceApp certainly has some red flags, commonly-used sites like Facebook contain way more of your data and have been used for nefarious purposes as shown by the Cambridge Analytica scandal so it's important to keep an eye on all your apps, rather than just the ones getting all the media attention.
At the end of the day, while the internet and keeping your data safe can be scary things to navigate, with a bit of forward planning and research you can ensure you're protected online.