- Researchers analyzed the ‘Voila’ app and found no apparent data retention or management violations.
- The particular app is still somewhat risky because all user uploads go to its servers for AI processing.
- Users are advised to use the app with care as a data breach on the company’s servers is always a possibility.
A new AI-powered photo manipulation app called ‘Voila AI Artist’ is rising in popularity right now. The app invites users to upload a high-quality portrait of themselves and then gives them the option to generate a realistic “hand-drawn painting” from the source material. The choices include “cartoon,” “caricature,” “18th century,” and “Renaissance era,” and the results are pretty impressive. The problem? The app is uploading the user images to its own servers, where it processes the material.
The excuse for this has always been that the AI needs a lot of power to work its wonder, and having it run on a smartphone would take ages to complete the process, overheat the device, and hurt the overall experience. We have heard these excuses again and again, and they are almost always accompanied by shady or incomplete data management and privacy protection policies.
To clear up the fog, researchers at Check Point took a deeper dive into the Voila app and shared their findings with TechNadu, so here’s what they discovered.
- Voila app sends face photos to its servers for processing.
- When it sends photos for verification, the app includes a specific and unique installation ID (vdid) generated by Google Play.
- Face photos are linked to specific user installation details. In the event of a cyber attack, face photos and user details can potentially end up in malicious hands.
- The app has been written by a legitimate LLP company registered in the United Kingdom (UK).
- In terms of permissions, the app utilizes only the bare minimum required for operation.
- The app verifies that the images contain face(s), and only after that verification, the app sends them to the server for processing.
- All communication with the server is performed using HTTPS, so the traffic is encrypted out-of-the-box.
- The app is using well-known open-source libraries, where possible.
- When the photo is sent to the server, the app includes the specific and unique installation ID (vdid) generated by Google Play, potentially linking faces to the specific installation.
As is clear from the above, Voila does come with some risks, even though they all appear to be mitigated. In essence, it all comes down to trust, both in terms of data retention policies and the security of the information. Data breaches aren’t unprecedented, so whatever is stored on an online computer could potentially be accessed by unauthorized individuals. In fact, this is often a question of “when” rather than “if.”
Yaniv Balmas, Head of Cyber Research at Check Point Software, told us:
“For example, if the company is hacked, the attackers could potentially gather a large database of all faces of application users. We have no way of telling if the company is doing anything illegal or malicious, but I do think it’s important for new users to be aware of the inherent risks in sending content to servers for processing. The risk being pictures of your or your loved ones’ faces in malicious hands, in the event of a data breach or cyber attack.”
If we were to give you a piece of advice, that would be to refrain from using any non-essential apps like Voila. We share your enthusiasm for technology, but whenever you engage with an app of this kind, you should keep the risks at the back of your mind and act accordingly.
That said, if you do upload something to Voila or any other app of this kind, make sure that you are using your own images so as not to expose other people, employ a VPN app to try and trick the “fingerprinting” algorithms, and ideally experiment with royalty-free images just to get an idea of how the tech works. Your data privacy is worth a lot more than a moment of fun.