FaceApp is a privacy nightmare, but so is almost everything else you do online

The hottest app of the moment collects your data, but they're certainly not alone.
FaceApp Permissions
The more permissions you grant to programs like FaceApp, the more data they can collect. FaceApp

Internet phenomena have a tendency to come on strong and totally take over our social feeds, seemingly out of nowhere. The current meme dominating just about every platform involves an app called FaceApp, which uses artificial intelligence to apply surprisingly convincing filters to pictures of people. The app recently introduced a filter that shows what you could look like when you’re old. The results are somewhat convincing and rather entertaining. But, as with all app-based fun, it comes a cost involving your personal info, privacy, and security.

This isn’t the first time the FaceApp has spread around the internet. The app generated attention when it debuted back in 2017. We’ve also seen this kind of phenomena plenty of times before, including Snapchat’s gender swap filter, which was everywhere just a few weeks ago.

The backlash to the FaceApp, however, has been swift and louder than usual because the developer operates out of Russia. To date, however, there’s no proof that the company has ties to the Russian government or has any bad intentions for the data. But, with the 2020 U.S. election getting into its tumultuous swing and years of news reports about Russia’s involvement in the 2016 voting process, users are justifiably on edge.

The company has already issued a statement about the security concerns.

When you download the program, it asks for permission to access your photos, send you notifications, and activate your camera. We’re so used to this process of clicking through permission roadblocks that it’s easy to become numb to it. Granting access to our photo library is, in some ways, the new clicking blindly to agree that we’ve ready the iTunes terms of service agreement. We’re not entirely sure what we’re getting into, but there’s fun on the other side of that dialog box and we want to hurry up and get to it.

If you sign up for FaceApp, however, you are giving up some of your personal information and any content you generate through the app. As a Twitter user pointed out, agreeing to the app’s terms of service grants it very liberal usage of whatever content you upload or create. The terms contain troubling phrases like “commercial” and “sub-licensable,” which means your images—along with information associated with them—could end up in advertisements. This doesn’t mean that the company “owns” your photos like some news outlets have suggested, but rather that they can use them for pretty much whatever they want down the road.

If this sounds familiar, it’s because it’s somewhat similar to the agreement for many other social networks. Twitter, for instance, uses the following language:

“By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed).”

You’ll notice that blurb doesn’t include the phrase “commercial” usage, which elevates its security over FaceApp. But, Twitter does have rules that allow “ecosystem partners” to interact with your content according to rules that you almost certainly haven’t read.

Facebook has a similar clause in its terms of service, which read,

“….when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content.”

Again, Facebook leaves out the “commercial” aspect of it, which is an upgrade from FaceApp’s agreement, but you’re still giving the company a generous license.

You have likely seen a lot of your friends looking old on social media this week. You can thank FaceApp. FaceApp

Things get muddier once you start dipping into Facebook apps that have their own terms, which are guided by overarching platform rules, but vary widely from title to title. So, if you’ve ever installed a Facebook app that let you see what your tombstone will say or other fun-stupid things, you may have given up more information than you intended anyway.

But what about the stuff you didn’t mean to share?

When you first open the FaceApp, you can select images to upload and share. The app does its processing on its own servers rather than on the device, so you have to agree to upload an image before you get the sweet payoff of your filtered image. Some users have noticed that you can select single images to upload even if you haven’t given the app access to your photos at all. This certainly seems nefarious, but as Tech Crunch points out, this is actually an iOS feature that debuted back in iOS 11. You can choose a specific image for the app to access without granting it full view of your camera roll and iCloud libraries.

If you give an app wholesale access to your photos, that means it can see anything you have hanging around, including screenshots of personal information. Beyond that, it may also access metadata associated with the image file that could contain things like GPS data from when the photo was taken. It’s a lot of potential info, but there’s no real evidence the app is uploading your entire catalog in the background.

Right now, there’s no specific threat we know about with FaceApp beyond a general distrust toward companies that collect data. So, while it’s OK to feel a little silly for downloading and using the app, it’s also not something to panic over—at least any more than it’s appropriate to constantly panic here in 2019. The app is sending your info to services like Google’s DoubleClick platform, but that’s relatively common for apps at this point.

Face Snatchers

Going forward, however, you can likely expect more and more apps to try and capture information about your face. Companies like Facebook have their own facial recognition technology as well as billions of photos useful for training it. Not every company has that luxury, however.

Amazon, for instance, has a controversial facial recognition tech called Rekognition that relies on exterior image databases from sources like law enforcement. Sports stadiums are using facial recognition to learn more about fans that attend events, and Taylor Swift’s tour used it to try and make sure stalkers weren’t showing up to the venues. Those technologies work better with deeper reference databases full of photos, so if a company like FaceApp wanted to sell its trove of accurately identified selfies, they would be within their rights to do so and finding a buyer wouldn’t be challenging.

Your info is likely already in several databases you don’t even know about like data brokers and people-finder sites. Adding facial info to those data caches could only make them more valuable.

For now FaceApp says it’s not sharing your info with third parties, but it could down the road. If you want the app to remove your data, you can do it, but the process isn’t great and involves sending an email to the company. Even still, doing so won’t necessarily break the license you’ve already given the app to use your content. For now, you can just keep using the app or delete it before you feed it any more personal info. If you’re opting for the latter, you’re probably best served by deleting most of your other apps while you’re at it.