Vietnam Time

7/19/2019 4:22:23 PM

Should you be concerned about FaceApp?

Users are flocking to the app to see what they may look like wrinkled, but critics have advised caution.

FaceApp's old-age feature is the latest social media craze. (Photo: FaceApp)

FaceApp, which was launched by Russian publisher Wireless Lab in 2017, uses artificial intelligence to modify users' photos, changing their hair colour, adding wrinkles or subtracting years from their faces.

It is currently the most downloaded free application on Google Play, with more than 100 million users, after its new aging filter attracted interest from celebrities including music superstar Drake and NBA champion Steph Curry. 

However, as social media users populate their feeds with these entertaining selfies, is there a cause for concern about how their data is being used?

WHAT ARE THE CONCERNS OVER FACEAPP?

Concerns over the app and its data privacy have gained traction over the past week.

Clauses in the app’s terms and conditions include granting FaceApp permission to use the photos for commercial purposes.

“While it may initially seem private, the terms of service from some of these apps may raise some concern around privacy since they do not make entirely clear on what is happening behind the scenes,” Shashwat Khandelwal, McAfee’s head of Southeast Asia consumer business, told CNA in an email interview.

“When users grant certain permissions through the app, the company may use the data for their own benefit,” he added.

Screengrab of FaceApp's terms.

FaceApp CEO Yaroslav Goncharov, however, has told the Washington Post that the app only uploads photos selected by a user for editing and that most photos are deleted from its servers within 48 hours.

Government authorities in Russia do not have any access to the photos, he told the Post, adding that the company does not "sell or share any user data with any third parties".

Goncharov was also cited in BBC as saying that the terms in FaceApp's privacy policy are generic and that the company does not share the data for ad-targeting purposes.

Instead, the app makes its money through paid subscriptions for premium features, he said.

Still, Shashwat noted, the app stores data on a cloud and “the fact remains that FaceApp gains access to the user’s photographs by the user’s own will".

"Once the photograph is with FaceApp, it is up to them how they choose to handle that content”, he said.

Additionally, photographs uploaded to the cloud are at risk of being targeted by hackers who may use them for running facial identification to compromise individuals and companies, said Mr Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific & Japan.

"The face is your personal copyright. From a security perspective, you are giving away your ability to use your face as a password to log files or to lock your devices," he said.

FaceApp has also come under fire in the United States, with one senator urging a Federal Bureau of Investigation (FBI) probe, reported AFP.

"FaceApp's location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments," Senate Minority Leader Chuck Schumer said in a letter to the FBI.

"It would be deeply troubling if the sensitive personal information of US citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States," he added.

The UK's Information Commissioner's Office (ICO) told BBC News it was aware of stories raising concerns about FaceApp and that it would be considering them.

"We would advise people signing up to any app to check what will happen to their personal information and not to provide any personal details until they are clear about how they will be used," a spokeswoman for the ICO said.

Poland and Lithuania have also said they are looking into the potential security risks of the app.

Poland's digital affairs ministry said it was "analysing" the security risks posed by FaceApp to the personal data of its users, despite assurances by its designers that the app is safe.

"Various experts point to possible risks related to inadequate protection of users' privacy," the ministry said in a statement on its website.

Cybersecurity authorities in EU neighbour Lithuania are also investigating potential threats to users' personal data, deputy defence minister Edvinas Kerza told AFP.

Kerza added that the makers of FaceApp have cooperated with other Russian Internet companies that may not comply with EU data use regulations.

All Your Friends Are Posting Aging Selfies With FaceApp – A Russ - News 9

WHAT ABOUT OTHER SIMILAR APPS?

FaceApp is not the first app where users upload pictures of themselves. Popular apps such as Instagram and Facebook all make use of similar features and contain user data. According to the editor-in-chief of tech site Lifewire, Twitter also has similar clauses within its terms and conditions.

"Indeed, while the spotlight for the past week has been on FaceApp’s privacy policies on the back of its virality across social media, it’s important that we remember that similar policies are in place across all major social media networks – FaceApp’s policies don’t go against the grain," Shashwat said.

SHOULD USERS BE RESPONSIBLE FOR THEIR OWN DATA?

Sixty-three per cent of consumers do not read license agreements and 43 per cent just tick all privacy permissions when they are installing new apps, said Kasperky's general manager for Southeast Asia, Yeo Siang Tiong, referring to a study done three years ago.

He added that "there is no harm in joining online challenges or installing new apps", but "the danger lies when users just grant these apps limitless permissions into their contacts, photos, private messages, and more".

Users should do some research and look out for any red flags that have been raised around apps’ security, Shashwat added.

“Make sure you always read the privacy terms and conditions when signing up to ensure that your personal data isn’t shared with anyone you don’t know or trust.

“It’s also important to be aware of how your data could be used and accessed by third party sites and apps,” he added.

When it comes to deciphering the chunk of text found within the terms and conditions, Mr Shashwat suggested that consumers look out for the following - personal data, ranging from names or usernames to pictures, location data and browsing habits.

“The privacy policy of any app should dictate how the data that was acquired from the user is handled from start to end. This includes how the data is meant to be used, storage and transfer policies, the duration the data will be kept by the app, policies around how the user can ask for the data to be removed, and whether the data is accessed by any additional third parties,” he said.

“Overall, it’s a good security habit for all consumers to only share personal data when it’s absolutely necessary.”Users are flocking to the app to see what they may look like wrinkled, but critics have advised caution.

You give up more personal data than you realize on this app.

FaceApp, which was launched by Russian publisher Wireless Lab in 2017, uses artificial intelligence to modify users' photos, changing their hair colour, adding wrinkles or subtracting years from their faces.

It is currently the most downloaded free application on Google Play, with more than 100 million users, after its new aging filter attracted interest from celebrities including music superstar Drake and NBA champion Steph Curry. 

However, as social media users populate their feeds with these entertaining selfies, is there a cause for concern about how their data is being used?

WHAT ARE THE CONCERNS OVER FACEAPP?

Concerns over the app and its data privacy have gained traction over the past week.

Clauses in the app’s terms and conditions include granting FaceApp permission to use the photos for commercial purposes.

“While it may initially seem private, the terms of service from some of these apps may raise some concern around privacy since they do not make entirely clear on what is happening behind the scenes,” Shashwat Khandelwal, McAfee’s head of Southeast Asia consumer business, told CNA in an email interview.

“When users grant certain permissions through the app, the company may use the data for their own benefit,” he added.

FaceApp CEO Yaroslav Goncharov, however, has told the Washington Post that the app only uploads photos selected by a user for editing and that most photos are deleted from its servers within 48 hours.

Government authorities in Russia do not have any access to the photos, he told the Post, adding that the company does not "sell or share any user data with any third parties".

Goncharov was also cited in BBC as saying that the terms in FaceApp's privacy policy are generic and that the company does not share the data for ad-targeting purposes.

Instead, the app makes its money through paid subscriptions for premium features, he said.

Still, Shashwat noted, the app stores data on a cloud and “the fact remains that FaceApp gains access to the user’s photographs by the user’s own will".

"Once the photograph is with FaceApp, it is up to them how they choose to handle that content”, he said.

Additionally, photographs uploaded to the cloud are at risk of being targeted by hackers who may use them for running facial identification to compromise individuals and companies, said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific & Japan.

"The face is your personal copyright. From a security perspective, you are giving away your ability to use your face as a password to log files or to lock your devices," he said.

FaceApp has also come under fire in the United States, with one senator urging a Federal Bureau of Investigation (FBI) probe, reported AFP.

"FaceApp's location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments," Senate Minority Leader Chuck Schumer said in a letter to the FBI.

"It would be deeply troubling if the sensitive personal information of US citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States," he added.

Poland and Lithuania have also said they are looking into the potential security risks of the app.

Poland's digital affairs ministry said it was "analysing" the security risks posed by FaceApp to the personal data of its users, despite assurances by its designers that the app is safe.

"Various experts point to possible risks related to inadequate protection of users' privacy," the ministry said in a statement on its website.

Cybersecurity authorities in EU neighbour Lithuania are also investigating potential threats to users' personal data, deputy defence minister Edvinas Kerza told AFP.

Kerza added that the makers of FaceApp have cooperated with other Russian Internet companies that may not comply with EU data use regulations.

WHAT ABOUT OTHER SIMILAR APPS?

FaceApp is not the first app where users upload pictures of themselves. Popular apps such as Instagram and Facebook all make use of similar features and contain user data. According to the editor-in-chief of tech site Lifewire, Twitter also has similar clauses within its terms and conditions.

"Indeed, while the spotlight for the past week has been on FaceApp’s privacy policies on the back of its virality across social media, it’s important that we remember that similar policies are in place across all major social media networks – FaceApp’s policies don’t go against the grain," Shashwat said.

SHOULD USERS BE RESPONSIBLE FOR THEIR OWN DATA?

Sixty-three per cent of consumers do not read license agreements and 43 per cent just tick all privacy permissions when they are installing new apps, said Kasperky's general manager for Southeast Asia, Yeo Siang Tiong, referring to a study done three years ago.

He added that "there is no harm in joining online challenges or installing new apps", but "the danger lies when users just grant these apps limitless permissions into their contacts, photos, private messages, and more".

Users should do some research and look out for any red flags that have been raised around apps’ security, Shashwat added.

“Make sure you always read the privacy terms and conditions when signing up to ensure that your personal data isn’t shared with anyone you don’t know or trust.

“It’s also important to be aware of how your data could be used and accessed by third party sites and apps,” he added.

When it comes to deciphering the chunk of text found within the terms and conditions, Mr Shashwat suggested that consumers look out for the following - personal data, ranging from names or usernames to pictures, location data and browsing habits.

“The privacy policy of any app should dictate how the data that was acquired from the user is handled from start to end. This includes how the data is meant to be used, storage and transfer policies, the duration the data will be kept by the app, policies around how the user can ask for the data to be removed, and whether the data is accessed by any additional third parties,” he said.

“Overall, it’s a good security habit for all consumers to only share personal data when it’s absolutely necessary.”

VNF/CNA  
[ Back ]
  •   
  •  

Send comment

Code
Video