FaceApp Goes Viral Again but Privacy Concerns Remain a Thorn

• FaceApp returns to extreme popularity thanks to a new gender-swapping feature.
• People are uploading massive amounts of image data to the Russian company’s servers.
• The privacy policy of the app seems to be solid, but there are always grave risks involved.

“FaceApp” has gone through waves of massive popularity since 2017, and privacy experts have highlighted their concerns around the app’s data retention and analysis policies. The app is deploying an advanced AI system to transform the face the user uploads onto the platform, changing the expression, style, or the age of the depicted individual. Recently, the app launched a new feature that enables users to change gender, and it has gone trendy again. People are once more uploading their images en masse, and privacy experts returned to warning people of the involved risks.

So someone did this for me 🤦🏽‍♂️#faceapp pic.twitter.com/4BiKjJcTqs

— محمد جنید (@TheJuniii) June 20, 2020

Last summer, the app admitted that all of the uploaded images end up in the company’s servers, as there is no way to run the powerful AI’s needed for the photo manipulation locally on the devices. The app’s CEO stated that they do not store anything permanently, and they do not share anything with the Russian state or Roskomnadzor. The app says everything is deleted from the cloud server 48 hours after uploading. But none of these claims can be proven, so believing and accepting them is a matter of trust.

FaceApp’s privacy policy makes mentions of “app improvement” and “algorithm training”, so the data may not be used outside the vendor’s systems. However, it could still be used for purposes outside the spectrum of image manipulation. The fact that FaceApp remains free should be enough to raise concerns, as ESET’s infosec specialist Jake Moore said. Secondary data extractions, hidden agendas, mass information gathering, and also re-purposing, are just a few of the potential scenarios that underpin platforms that are free of charge. That is not to say that there’s any proof connecting FaceApp with nasty data management practices right now.

FaceApp is using ads to make a profit, so officially, this is their business model and not selling people’s faces to facial recognition system developers or the state. Still, though, this is not data that you can reset or change if something goes wrong. Your face is unique and stays the same forever, so you’re sharing biometric data with a company that may compromise it. Even if FaceApp is entirely honest with the userbase, they may suffer a data breach that will result in the leaking of this data. If you’re using FaceApp, at least keep the image uploads to yourself, and try to avoid uploading other people’s faces.