FaceApp - The Russian Face Ageing App That Could Be A Danger To Your Privacy
I see old people. All over my news feed.
FaceApp is back in the social trends again, to the point that chances are you’ve found “that one friend who doesn’t really know how social media works, but posts something super strange every once in a while” do it. With a new face-ageing filter, it brings up
If you haven’t used FaceApp yet, stop and read this. If you have already, it’s not too late to potentially save your online privacy.
For context, FaceApp is a photo filtering app developed and based in Russia. It’s been around for a while, going back to 2017, but it’s making the rounds again because of a filter that makes you look older or younger.
That’s all fair and good - we can all do with a laugh sometimes at the expense of ourselves. But the alarming bits come when the app requires permission to your entire camera roll and that it harvests the metadata from said pictures.
Let’s explore the nitty gritty here. For this app to work and apply the filters that it does, the picture (and its subsequent metadata) that each iOS user chooses is uploaded and stored on its servers to apply the tweaks, then it is downloaded back to your phone.
This is pretty common practice, before you react too early there, dear reader. The issue with this bit comes from the obscurity of what happens to the picture. Remember, chances are you’ve backed up your entire camera roll to Apple’s iCloud or Google Photos. But given the company’s location (Russia), it understandably raises a few eyebrows.
And then we get to the Privacy Policy, which isn’t even close to GDPR compliant! The key part is where the policy says that your data can be transferred to any location where they have a facility, which even though it was uploaded to an AWS server means (spoiler alert) it can go to Russia. That leaves it potentially exposed to the country’s security services. Indeed some troubling exposure here. But it doesn’t really matter, as you lose all your legal standing by ticking I agree to everything, while blissfully unaware of what you’ve actually just complied with.
So, how do you request deletion from their servers? In a statement to TechCrunch, FaceApp developers laid out that you can by going through Settings-Support-Report a bug, and then typing the word “Privacy” in the subject line.
Where am I going with this? Well to answer the whole “should I use this app” question, that falls firmly on your privacy comfortability. How much do you care about your online anonymity? If you’re backing up your photos and training the algorithms behind said services to know your face and automatically tag you, chances are you don’t really care.
But there needs to be some conscious thought both from us as users and the developers, to combat the uncomfortabilities here - we need to actually research the privacy implications of an app before getting it, and FaceApp need to give the world a proper policy that protects your online identity.
This is a good conversation to have, as FaceApp’s privacy ambiguity gives you a lesson to learn about the wider app ecosystem - think before you agree.