FaceApp: Is this Russian startup misusing user data?

The FBI has been called to investigate it.

  • FaceApp is a popular smartphone app that can take your selfie and make you look older.
  • Recently, some have claimed that FaceApp – created by a Russian company – could be misusing user data.
  • On Wednesday, the Democratic National Committee sent out a security alert about the app to 2020 presidential campaigns.

Some are concerned that FaceApp – the popular smartphone app that alters users' selfies to make them look old – might be misusing user data.

If you're one of the more than 100 million users who've downloaded the app since 2017, don't worry: There's no evidence to suggest that your photos or content have been stolen, or will be misused. But that doesn't mean you shouldn't take a closer look at what this app – and other popular apps – are doing with your data.

The FaceApp debacle started when Joshua Nozzi, a software developer and technical author, claimed on Twitter that FaceApp uploads all of users' photos to its servers, whether "you chose [a photo] or not." Nozzi later retracted that claim, and FaceApp issued a statement saying that, "Most images are deleted from our servers within 48 hours from the upload date." Privacy researchers have confirmed that FaceApp does not upload all of its users' photos to servers. The company does, however, upload single images – the ones users ask the app to manipulate – to remote servers, where it applies image filters.

This process wasn't made clear to users.

"I cannot think of any situation where an app should not be very painfully clear about a photo being uploaded to a remote server," Will Strafach, security researcher and developer of Guardian, an iOS firewall app, told Wired. "Users always have the right to know this."

Other privacy concerns arose over the company's terms of service agreement. Section 5 of the agreement, for example, "grants FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you."

And another concern stems from the fact that FaceApp was developed by Wireless Lab based in St. Petersburg, Russia. Of course, this doesn't necessarily tie the company to the Kremlin. (After all, the company's servers are based in the U.S. where they use Amazon's cloud.) But recent reports about the startup were enough to cause the Democrat National Committee to send out a security alert to 2020 presidential campaigns.

"This app allows users to perform different transformations on photos of people, such as aging the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians," read the alert from Bob Lord, the DNC's chief security officer. "It's not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks."

On Wednesday, Sen. Chuck Schumer (D-NY) asked the F.B.I. and the Federal Trade Commission to investigate FaceApp.

"It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States," he wrote.

​Are these concerns unfounded?

It's tough to say for sure. FaceApp's terms of service agreement might sound a little overarching — and it is, in a way — but it's also pretty similar to agreements proffered by other popular apps.

"We always have concerns," Jeremy Gillula, tech projects director at the Electronic Frontier Foundation, told The New York Times. "The fact that a lot of apps and services usually contain this catchall clause that says you grant us worldwide license to reproduce, modify, adapt, create derivative works from, distribute, publicly perform and display your user content always seems a little over the top to me."

Nozzi, the software developer who first raised concerns over FaceApp, wrote in a blog post that there are still legitimate security concerns over FaceApp, even if he retracted his initial claim that the app uploads all user photos to its servers.

"The biggest oddity is that the app asks for full, unfettered access to your photos (on iOS) without really needing to. It then begins doing … something … with them that takes time, as they appear a few at a time, and rather slowly. The fact is, it doesn't need access to your photos at all. In iOS, apps can invoke the system's photo picker, a system-managed panel that lets users choose the images they wish to "give" to an app without granting it wholesale access to all your photos. Indeed, you can refuse it access to your photos and still use the button near the bottom to invoke this photo picker to give it just the photo(s) you want it to have. What are they doing with full access? What might they do in the future? Why request it at all?"

Of course it'd be scary to learn that an app has access to all of the photos you store on your phone. But it's worth noting that there's little preventing bad actors from using publicly available photos to do some pretty shady things — namely, create deepfakes. As Big Think reported in May, it's now possible for an A.I. to take one single photo and convincingly animate it. This has frightening implications on the future of propaganda: Soon, it could be easy for bad actors to make it appear as if their targets are doing or saying things they never did in real life.

But before that dystopian nightmare sets in, here are a few simple ways you can protect the data on your smartphone, as Nicholas Thompson, editor-in-chief at Wired, told CBS News:

  1. Delete apps that you rarely use
  2. Don't allow apps to access your location, or only allow an app to access location services while you're using that app
  3. For apps that you use a lot, like Instagram and Facebook, go into Support and disable options that allow the app to collect and send data back to the company

Befriend your ideological opposite. It’s fun.

Step inside the unlikely friendship of a former ACLU president and an ultra-conservative Supreme Court Justice.

Sponsored by Charles Koch Foundation
  • Former president of the ACLU Nadine Strossen and Supreme Court Justice Antonin Scalia were unlikely friends. They debated each other at events all over the world, and because of that developed a deep and rewarding friendship – despite their immense differences.
  • Scalia, a famous conservative, was invited to circles that were not his "home territory", such as the ACLU, to debate his views. Here, Strossen expresses her gratitude and respect for his commitment to the exchange of ideas.
  • "It's really sad that people seem to think that if you disagree with somebody on some issues you can't be mutually respectful, you can't enjoy each other's company, you can't learn from each other and grow in yourself," says Strossen.
  • The opinions expressed in this video do not necessarily reflect the views of the Charles Koch Foundation, which encourages the expression of diverse viewpoints within a culture of civil discourse and mutual respect.
Keep reading Show less

Physicists find new state of matter that can supercharge technology

Scientists make an important discovery for the future of computing.

Surprising Science
  • Researchers find a new state of matter called "topological superconductivity".
  • The state can lead to important advancements in quantum computing.
  • Utilizing special particles that emerge during this state can lead to error-free data storage and blazing calculation speed.
Keep reading Show less

Physicist advances a radical theory of gravity

Erik Verlinde has been compared to Einstein for completely rethinking the nature of gravity.

Photo by Willeke Duijvekam
Surprising Science
  • The Dutch physicist Erik Verlinde's hypothesis describes gravity as an "emergent" force not fundamental.
  • The scientist thinks his ideas describe the universe better than existing models, without resorting to "dark matter".
  • While some question his previous papers, Verlinde is reworking his ideas as a full-fledged theory.
Keep reading Show less

How to heal trauma with meaning: A case study in emotional evolution

As tempting as it may be to run away from emotionally-difficult situations, it's important we confront them head-on.

  • Impossible-sounding things are possible in hospitals — however, there are times when we hit dead ends. In these moments, it's important to not run away, but to confront what's happening head-on.
  • For a lot of us, one of the ways to give meaning to terrible moments is to see what you can learn from them.
  • Sometimes certain information can "flood" us in ways that aren't helpful, and it's important to figure out what types of data you are able to take in — process — at certain times.
Keep reading Show less