CyberScout

Viral FaceApp poses privacy risk to children

FaceApp

If you’ve been on Facebook, Instagram, Twitter and doubtless other social platforms over the past few days, you have probably seen pictures of friends and acquaintances in Rip van Winkle mode having aged many years, or perhaps you peeped someone appearing to be a different gender.

That’s FaceApp, which uses a form of artificial intelligence to add age, hair, smiles, and swap gender or beard styles among other effects to the head shots users upload to the app. The resulting “photo” is something we might call a shallow fake, as opposed to a deepfake.

FaceApp is currently one of the most popular apps on both the iOS and Android platforms. And if it reminds you of something, may I suggest that certain something is probably Snapchat’s filters? App-based fun with faces is nothing new. FaceApp has been around for a while—begging the question why it’s going viral now—and whether it matters that it’s owned by a company based in St. Petersburg, Russia.

On the Russia question, the answer is a resounding “probably not.”

It’s worth bearing in mind Cambridge Analytica wasn’t Russian, and that company was behind an egregious data grab made possible by the promise of fun--Facebook propagated personality quizzes.

While it doesn’t matter that the company is Russian-owned, what does matter is the company’s privacy policy, which hasn’t been updated since 2017. Privacy abuses in the world of face-altering apps are also nothing new. Earlier this year, it was revealed that the Ever app used pictures uploaded by users to develop facial recognition tools, and IBM did something similar with Flckr images.

What You Need to Know

The rumors swirling about the FaceApp’s nefarious side, including the possibility that it uploads to its server all the images on your phone are not true. The details are not particularly interesting—but you can read about them here.

Bottom line: one image (the one selected by the user for manipulation) is the only picture FaceApp takes into possession. Because the image uploaded is sent to the cloud, there is an opening there for hackers to intercept data (many cyber security experts would add an “unnecessary” one).

Then there’s the fact that the app uses data garnered to target users for advertisements. The app collects “information sent by your device or our Service, including the web pages you visit, add-ons, and other information.”

And while that’s no bueno for most consumers, the really uncool part is that it could be happening to kids. When it comes to underage users whose images may not be “out there” the way it is for the celebs currently posting geezer versions of themselves—there is no real safeguard built into FaceApp.

The privacy policy states: “FaceApp does not knowingly collect or solicit any information from anyone under the age of 13. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us.”

So, yeah. Police yourself. We’ll get back to you (or not). In cyber-speak: Children should not be allowed to use the app.

Should you use FaceApp? Not my place to say, but in the world we inhabit where the constant and pervasive threat of cyber exploits dogs our every move, the best way to stay safe on any given platform is not to be on it.

About Adam Levin   |   Chairman and Founder   |   CyberScout

Adam Levin Chairman and cofounder of Credit.com and CyberScout.com. Adam’s experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. Have a question for our experts? Email them at CreditExperts@Credit.com.