Pop stars, athletes, and millions of others posted photos of themselves edited with the app – but what are the much-publicized privacy risks?
FaceApp can make your face look old – but does it also invade your privacy? In the past week photos from the app – and fears about cybersecurity issues – have swirled through social media with more distortions than clarity.
LeBron James posted this photo to Instagram.
The 2017 app lets users edit photos to make themselves look older – or younger, or like a person of another gender – sometimes with hilarious effects. Pop stars have used it to suddenly look like senior citizens. Professional athletes are making themselves unrecognizable. It’s suddenly very popular to take the “FaceApp challenge,” as some have called posting the app’s photos. Although the app isn’t new, its rediscovery seems to be a major fad of the summer of 2019.
App stores seem to endorse the app. Google’s Play Store touts the Android app – with 1.5 million downloads – as an Editors’ Choice. Apple’s App Store, which doesn’t show the number of downloads, shows a rating of 4.8 out of 5 from 714K users.
The Google Play Store made FaceApp an Editors' Choice app.
Then on Wednesday, a Democratic Party leader, U.S. Sen. Chuck Schumer of New York, posted this alarming message to Twitter:
“BIG: Share if you used #FaceApp: The @FBI & @FTC must look into the national security & privacy risks now. Because millions of Americans have used it. It’s owned by a Russia-based company. And users are required to provide full, irrevocable access to their personal photos & data.”
The Democratic National Committee – which was hacked in 2015-2016 by Russian cybercriminals – warned its more than 20 presidential candidates to avoid the app in a letter on Wednesday, CNN reported.
Suddenly the fad sweeping social media didn’t seem so harmless. Could FaceApp’s viral adoption hurt U.S. national security? Could it be a serious threat to your security?
“Taking a step back to look at the facts shows this is not a major cybersecurity issue.” – Nikolaos Chrysaidos, Avast head of mobile threat intelligence
The answer to both questions is no, says Nikolaos Chrysaidos, Avast’s head of mobile threat intelligence and security, who checked web traffic and found the app is not sending users’ sensitive data back to servers. “I see no sign of the app invading privacy in nefarious ways,” Chrysaidos said. “While it’s true that the app is collecting data and photos in the way it functions, that kind of risk comes with many apps like this.
“People hear AI, privacy, and Russia and are understandably concerned. But taking a step back to look at the facts shows this is not a major cybersecurity issue.”
Despite the uproar, this app is not vastly different from many other popular apps, and has been in operation for two years. FaceApp has explained its use of data, and what parts of the company have Russian ties, as reported by TechCrunch. Google engineers have looked into the app’s security. And independent cybersecurity researchers told The New York Times that concerns about FaceApp are overblown.
“This isn’t a malicious app, but it is one of many apps that raise privacy issues,” Chrysaidos said. “This isn’t an urgent issue, but it is a prevalent one. Companies producing apps should be more transparent about their use of data, and responsibility also lies with consumers. It’s yet another reminder to practice better overall cybersecurity on your mobile device.”
FaceApp adds that it deletes many photos from its servers within 48 hours and many users do not log in. “All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person,” TechCrunch reported. People can also use FaceApp without allowing the app to access their photo libraries by only editing photos they take via the app.
A greater public understanding of privacy and apps could help clarify security issues before an app goes viral, Chrysaidos said. When concerns fly around social media and become part of a viral topic, it can become very difficult to see the true face of an issue.
Consumers worried about FaceApp can look at the bigger picture by reviewing what apps are on their devices, learning more about privacy issues, and installing Avast Mobile Security on their Android device.
The latest sizable data breach from Facebook can and should be a motivation for many people to move off SMS-based codes to authenticator apps.
Sharing your location by choice is a great way to connect with your loved ones, but many apps that share your location can also be used as a form of stalkerware.