FaceApp has gone viral this week, but many users on social media have raised concerns surrounding privacy and facial recognition. Do these concerns have any basis?
ADVERTISEMENTIf you’ve been scrolling through Twitter, Instagram, or Facebook this week, chances are you have seen photographs of your friends looking older, younger, or even changing in gender overnight.
The app they are using, FaceApp, has been enjoying a boost in popularity this week and counts celebrities such as Drake and Gordon Ramsey among its 80 million users.
This week, it overtook Instagram and Whatsapp on the Apple App Store's top chart as the most downloaded app, prompting CEO Yaroslav Goncharov to post on Facebook: "Change, it's nice."
But many users on social media have raised concerns surrounding privacy and facial recognition — do these concerns have any basis?
What is FaceApp?
FaceApp was founded in 2017 by Wireless Lab, a company based in St Petersburg, Russia. That year, the app was widely criticized for “racist” selfie filters; an option labelled as “hot” seemingly lightened users’ skin tones.
A few months later, users were outraged to see that the app had introduced a series of “ethnicity change” filters, where users could alter photos to appear “black,” “Indian,” or “Asian.”
Two years on, the app was back in the spotlight and some social media users were wondering why it has gone viral, seemingly out of nowhere.
One rumour that was circulating alleged the app may be grabbing users’ photos from their phones and uploading them to the FaceApp server without asking.
While there is as yet no evidence to support these claims, people took to Twitter to voice concerns.
What does FaceApp's privacy policy say?
FaceApp states in its privacy policy that they use “third-party analytics tools” which “collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service.”
The policy highlights that the purpose of this is to “measure traffic and usage trends for the Service,” and reiterates that "we will not rent or sell your information to third parties outside FaceApp.”
But in the same section it is also written that the app shares information with “third-party organizations that help us provide the Service to you” and deliver targeted ads.
The privacy policy, French security researcher Baptiste Robert told Euronews, is "pretty vague".
However, he also said: "We don’t have an answer in the how [photos are stored] but we can see that only the photo you are working on is uploaded to their servers.
"They are not uploading the gallery of the user to their server, only the current photo."
However, Robert highlighted that the company is not General Data Protection Regulation (GDPR) compliant, "which is an issue."
GDPR safeguards EU citizens' personal online data. It states that to be able to use an app, an account must be made on the app — FaceApp, however, does not require an account for users to process their pictures.
Jamal Ahmed, a privacy and GDPR consultant for Kazient, also emphasised to Euronews that the company's privacy policy is "completely non-compliant with GDPR", adding: "I would welcome action by Supervisory Authorities in Europe to block/ban access to EU citizens from such Data Controllers."
ADVERTISEMENTFurthermore, he flagged concerns over the app's Russian connection. "I would not be surprised if in the future it transpired they harvested/shared this data with Russian authorities for facial recognition state surveillance," he said.
What has FaceApp said?
In a statement to Euronews, FaceApp said that only photos uploaded by the user are sent to the FaceApp cloud, where most of the photo processing for the app is performed.
“We never transfer any other images from the phone to the cloud,” the statement said.
A photo uploaded to the cloud may be stored for reasons of “performance and traffic,” and “most images are deleted from our servers within 48 hours from the upload date.”
The statement reiterated that FaceApp does not “sell or share any user data with any third parties,” adding.
ADVERTISEMENT“Even though the core R&D team is located in Russia, the user data is not transferred to Russia,” it added.
FaceApp also commented on concerns that photos from phone galleries were uploaded to their servers after a user granted access to the photos: “We don't do that. We upload only a photo selected for editing.”
To upload or not to upload?
James Whateley, a strategy partner with Digitas UK, weighed in on the issue, telling Euronews: "I just think there's something veering on the dishonest when an app parades itself as a bit of fun, not unlike your average ephemeral Snapchat filter, while quietly removing you of all your rights to your own likeness.
"The terms aren't that dissimilar to the Facebooks and Instagrams of this world but at least with them, you know what you're signing up for.
"With FaceApp, the value 'exchange' is not explicit at all. And there's no opt-out either."
ADVERTISEMENTRobert highlighted the danger of uploading photos to any app: "Uploading your face to a random app is a privacy nightmare. People shouldn’t do that."