FaceApp raises security and privacy concerns

While the app enabling people to see older versions of themselves has delighted many, some have warned that FaceApp may poise some serious privacy and security concerns.

The Russian app was launched back in 2017.  It recently went viral with both regular Joes and celebrities posting pictures of how an aged version of themselves would look like. This was done through the so-called FaceApp Challenge.

However, some experts warn that the app poise some serious privacy concerns. One of these was that FaceApp would automatically get access to users’ entire photo library.

These suggestions were later shot down by Will Strafach, founder and CEO Guardian Firewall, the cybersecurity company. “I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur,” he tweeted.

Instead, it seems like only photos that have the filter applied to them are uploaded to FaceApp’s library.

This was seemingly confirmed by Yaroslav Goncharov, CEO of Wireless Lab, the company behind FaceApp. Speaking with The Verge, he stated that photos were uploaded to the company’s server to save bandwidth if several filters were applied but that they were deleted shortly after.

Yet, this is a concern for some as facial-recognition software can be taught to recognize people via a selection of photos.

David Shipley, CEO at Beauceron Security, the cybersecurity firm, told 660 News that hackers could use photos to be able to get access to people’s devices.

Others have expressed concerns that FaceApp’s terms and conditions gives the company ownership of the content created. “If we’re being brutally honest, the terms of use regarding FaceApp are no different to any of the multiple social media platforms billions of people use every day,” James Whatley, strategy partner at experience marketing agency Digitas UK, told Wired UK.  The only difference to him was that sites like Instagram allows users to opt out whereas this option was seemingly non-existent within FaceApp.

FaceApp is also accused of being non-compliant with the General Data Protection Regulation (GDPR), the EU law regulating how private data is stored. That’s according to Pat Walshe, managing director of Privacy Matters, the privacy and data protection consultancy. He told Wired that FaceApp didn’t ask for users’ consent for the app’s ad-tracking software, which they should have under GDPR.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.