If you haven’t used FaceApp already, you’ve probably seen your friends or your favorite celebrities use FaceApp this week to share what they’d look like when they’re old and gray.
NOTE THERE IS AN UPDATE AT THE END OF THIS POST.
Results of FaceApp with your photos |
The culprit? The photo-distorting app FaceApp, which became the most downloaded smartphone app in the U.S. on Wednesday, July 17.
But FaceApp also sparked a privacy controversy because it is not a Facebook app as most users believe it to be.
FaceApp was developed in Russia and when users gave their photo, they gave away much more than that.
FaceApp gained access to hundreds of millions of faces to do with as they wished and that is what gave lots of people a queasy feeling.
An alert from the US Senate was sent over the internet, alerting people to delete FaceApp, citing the app’s Russian origins. The House of Representatives followed up with FBI letters and Federal Trade Commission letters asking for an investigation.
Interestingly silent with nothing to say on the matter was Donald Trump.
Mark Zuckerberg's Facebook owned the third party app "WhatsApp" and he was initially wrongly accused of being the owner of the FaceApp. He said this is the meal before the main course - a hack in the making.
Based in Russia, FaceApp has disguised itself because it uses servers run by American companies to store the photos they have accessed during the morphing process and when users allowed them access to their photo albums and Facebook timelines.
FaceApp says it deletes them after 48 hours but users go back to the app sometimes a week later and their photos are still there.
FaceApp’s terms of service give it broad rights to the images it captures and much more. These are permissions that most people DO NOT READ.
So here is a snippet - the link to full TOS is below this paragraph:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. By using the Services, you agree that the User Content may be used for commercial purposes.”
https://faceapp.com/privacy has an address of Saint Petersburg, Russia listed in the app's terms.
In other words: FaceApp can do essentially whatever it wants with users’ pictures.
Many have already expressed concerns about a few of the app’s practices, including uploading pictures to the cloud, rather than processing pictures on users’ own devices.
FaceApp, using a complex workaround, said it lets users request the app to remove their data from its servers. “For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘Privacy’ in the subject line.”
FaceApp says it only uploads the pictures users choose and does not “transfer any other images from the phone to the cloud.” And while the company said it doesn’t “sell or share any user data with any third parties,” it has no comment on any future plans to monetize images.
They own your pictures now, they can do what they want with them.
If you’re worried about FaceApp, you should be. But you should also be worried about the dozens of other apps on your phone or tablet that are doing the same kind of data-mining.
Experts point out that many other tech companies, including Facebook and health apps, have similarly broad rights in their TOS, too.
But they are not based in Russia. And they obviously didn't wipe photos in 48 hours or users wouldn't have to request them to be deleted as long as 3 months later.
If you search ‘FaceApp’ on Google Play now, you can see a number of download options that resemble FaceApp. According to Oslo-based security company Promon, these fakes more often than not contain malicious software to piggyback off the success and popularity of the app they are copying.
Some experts say this is the beginning of another ploy for a third-party app to gain as much information as it can.
We have seen this before with WhatsApp, also a third-party app that once it gained an overwhelming amount of information, that info was then acquired by Cambridge Analytica, who provided it to the Donald Trump Campaign. The information was then used to manipulate voters so that Trump could win the 2016 Presidential election.
Some pundits are saying now that Trump is feeling threatened for 2020, this could be another setup of a third-party app gaining information acting as a contractor for some unknown entity, who will then provide it to Trump Campaign to make sure that Trump will again have inside information for the 2020 election.
The truth is - we don't know. Yet.
In the coming months, we MAY hear that this third party app is connected in some way - either by selling or being hacked. We may also hear that these bad actors work for a Trump shell company.
Either way, the American public has been snookered once again by a bad actor vanity app who they willingly gave access to their information because their vanity overpowered their sense of security.
Do users care that the Russians might be stealing their faces and other permissions they gave them by using the app?
If you downloaded FaceApp to make yourself look old, DO NOT give it access to your photos when it asks; and if you DID give it access by accident, you can remove its permissions within your smartphone's settings. When you're done looking at your old age self, consider deleting the app and requesting that FaceApp delete your data.
In a statement, FaceApp said it accepts removal requests BUT the FaceApp team is “overloaded” at the moment. Users can send the request through Setting > Support > Report a bug, and write the word “Privacy” in the subject line.
Of course, we can't know if FaceApp actually destroys the photo's metadata, but it’s worth noting that we consciously and voluntarily upload images of our faces to apps on other servers all the time.
Americans are so worried about privacy issues that even after being notified that FaceApp has Russian origins and is a bad actor, they are still NOT choosing sensibly. Facebook users are still using the morph app as late as Friday July 19, 2019.
Whether by being hacked or by sheer carelessness, the data collected by FaceApp will fall into the wrong hands - just as we saw in the months before the 2016 election - and that will be the beginning of a Facebook hacking season, the likes of which we have never seen before. Requesting that your data be deleted may be a waste of time, but give it a shot anyway.
FaceApp is a bad actor hiding in sheep's clothing.
Don't use it.
UPDATED JULY 24, 2019
HOW TO DELETE YOUR FACEAPP DATA
Deleting the FaceApp itself is not enough to protect your photos.
You need to request to have your data removed from their servers. Users can use the "Report a bug" feature on the app or they can write to the company using the directions we listed above.
To use the fix on the app,
-- go to 'SETTINGS' (upper left corner),
-- then 'SUPPORT'
-- Click 'REPORT BUG AND SEND LOGS'
-- Tell them you have PRIVACY concerns and ASK for your data to be deleted.
Make sure you use the word PRIVACY in your request. That is the buzzword that they have to honor when getting requests that users want their data deleted.
It can take up to a month for them to do it, because everyone is asking right now, but at least they are doing it.
Please share this with your friends so they can enjoy our websites too.