FaceApp: Company responds to privacy controversy by Cyber Security Experts.
Is it the right thing to use this app?
Does your privacy concern you?
In the world of social media,where we have trends. The Face App has made rounds on major social media sites. At the moment the #faceappchallenge is trending and stands at 41.1k tweets on twitter. some experts have quoted this app being scam. But this hasn’t stopped users from the excitement..
In the due course ,The company responded to the controversy that was circulating on media sites concerning its privacy.
Some people warned that the free “old age filter,” created in 2017 by developers at Wireless Lab in St. Petersburg, Russia, poses security concerns that may give them access to your personal information and identity.
Another issue raised by FaceApp users was that the iOS app appears to be overriding settings if a user had denied access to their camera roll, after people reported they could still select and upload a photo — i.e. despite the app not having permission to access their photos.
On the wider matter of cloud processing of what is, after all, facial data, FaceApp confirms that most of the processing needed to power its app’s beautifying/gender-bending/age-accerating/-defying effects are done in the cloud.
Though it claims it only uploads photos users have specifically selected for editing. Security tests have also not found evidence the app uploads a user’s entire camera roll.
FaceApp goes on to specify that it “might” store the photos users have chosen to upload in the cloud for a short period, claiming this is done for “performance and traffic” — such as to make sure that a user doesn’t repeatedly upload the same photo to carry out another edit.
“Most images are deleted from our servers within 48 hours from the upload date,” it adds.
It also claims no user data is “transferred to Russia”, even though its R&D team is based there. So the suggestion is that storage and cloud processing are being performed using infrastructure based outside Russia. (We’ve asked it to confirm where this is done. Update: Founder Yaroslav Goncharov told us it uses AWS and Google Cloud.)
“We don’t sell or share any user data with any third parties,” it adds.
FaceApp also says users can request their data is deleted. Though it doesn’t yet have a very smooth way to do this — instead it asks users to send delete requests via the mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line, adding that it’s “working on a better UI for that”.
It also points out that the vast majority of FaceApp users don’t log in — making the point that it’s not able to link photos to identities in most cases.
Here’s its statement in full:
- FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
We don’t sell or share any user data with any third parties.
Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.
I must say I havent yet downloaded and used this app on my phone,May be I will but after understanding the concept of it all.
Will keep you posted.