FaceApp: Is The AI Photo Editor a Privacy Risk?

Author: Maciej Biegajewski
FaceApp: Is The AI Photo Editor a Privacy Risk?

If you are worried that Russian secret services are storing your photos for nefarious purposes, fear not, as the latest research suggests otherwise.

The face ageing app first became a global sensation back in 2017, garnering over 80 million active users. Now, it has gone viral again thanks to the FaceApp Challenge, in which celebrities and regular people alike are posting photos of their future older selves. FaceApp, available on Android and iOS devices, uses artificial intelligence to give users an idea of what they may look like a few decades down the line.

However, earlier this week, a single tweet by a web developer named Joshua Nozzi caused a mild panic attack among internet users. He hinted that the application might be fetching all the photos from users’ phones and uploading them to its servers, even if it has not been granted permission to do so.

faceapp prywatność ochrona danych

Much ado about nothing?

As a security researcher under the pseudonym of Elliot Alderson proved, it is merely another “much ado about nothing” moment. Having downloaded FaceApp to verify Nozzi’s claim, he discovered only the photos chosen by users to be edited were sent to the company’s American-based server.

A brief analysis of FaceApp’s hosting records confirmed this discovery: its servers are based in Amazon data centers in the United States. Admittedly, as the developer company has headquarters in St. Petersburg, the photo viewing and editing process takes place in Russia.

Although Russian intelligence or police agencies could command FaceApp to provide any data they deem necessary, obtaining that information from Amazon in the United States would be significantly more complicated.


A safer alternative

So, should the app’s users be concerned for their privacy? A safer option would be for the photo editing process to take place straight on your device instead of having your photos sent to an outside server. However, it is unclear how accurate the editor’s artificial intelligence technology would be.

The application improves its face-ageing algorithm by learning from the photos submitted by users. It could be done directly on users’ devices, thanks to the machine learning features available on Android and iOS, but the company might be reluctant to train artificial intelligence away from its computers.

Although some degree of concern about FaceApp gaining access to our photos is understandable, it is worth analyzing the apps we already have installed on our phone. We are likely to discover many of them were granted access to our photos or even permission to track our location. In order to modify your permissions, you can either delete the app or go to app settings on your phone and change the scope of data apps are given access to.

FaceApp’s official response

In an official statement, FaceApp founder Yaroslav Goncahrov refuted the claim that user data is sent to Russia and explained that most of the photo editing process takes place in the cloud. He ensured that only photos submitted by users for processing are sent to the cloud, and no user data is sold or shared with any third parties.

Goncahrov added that uploaded photos are stored in the cloud merely for performance and traffic purposes. Therefore, if the user wants to make additional edits to the photo, they do not have to upload the photo each time. He said most photos are deleted from the cloud within 48 hours from the date they were uploaded.

All user data can also be deleted upon request. In order to do so, users should go to Settings -> Support -> Report a bug and include the word “privacy” in the subject line in order to make the whole process quicker.

source: Forbes