FaceApp, is the viral Russian app dangerous?

FaceApp, a viral photo-editing app that allows users to see what they may look like in old age has proved to be an online hit. But over the past week it has also raised security and privacy concerns over its use of personal data and its Russia-based developers.

The app, which uses neural networks to tweak facial expressions on photos, swap genders and make faces look younger or older, has been around for a while and faced criticism before.

Soon after its launch in 2017, FaceApp had to promptly remove a new feature allowing users to change their ethnicity in images after it prompted widespread accusations of racism.

Legitimate concerns

The latest round of debate about the app has apparently been prompted by a tweet – now deleted – by a software developer named Joshua Nozzi, who claimed that it “immediately uploads” all photos from a user’s device without consent.

FaceApp CEO Yaroslav Goncharov denied the allegations, saying that they “only upload a photo selected by a user for editing” and that most images are deleted from their servers “within 48 hours from the uploading date”.

A French security researcher who uses pseudonym Elliot Alderson also checked the app and found that FaceApp only uploads the image submitted for editing to its server.

Nozzi subsequently apologised for his tweet, but stressed that some “legitimate” privacy concerns about the app remain.

He cited, in particular, a clause in the app’s terms of use that grants it extensive rights to user content, including its potential use for commercial purposes.

Other commentators, however, argued that FaceApp’s terms of use – albeit vague – are in fact very similar to those of major social media giants, such as Twitter and Facebook.

“While we are dragging FaceApp for taking out photos as their own, probably worth rereading Twitter’s Terms of Service,” tweeted Lance Ulanoff, the editor in chief of Lifewire, along with a screen grab of the section of Twitter’s terms of service that grants it extensive rights over a user’s content.

Made in Russia

Another major point of concern has been the provenance of the app and its possible use by the Russian state.

Online speculation was exacerbated last Wednesday (17 July) by an appeal from senior US senator Chuck Schumer to investigate FaceApp.

In a letter posted on Twitter, Schumer raised questions about the service’s terms and conditions that require users to provide “full and irrevocable access to their personal photos and data” and said it would be “deeply troubling” if personal data of US citizens ended up in the hands of a “hostile foreign power”.

The Democratic National Committee joined in, urging 2020 presidential election campaigns not to use the viral app.

Given the well-documented evidence of Russia’s attempts to interfere in the 2016 presidential election, such strong reaction from US politicians and commentators is, perhaps, unsurprising.

Back then, Russia-sponsored operatives used fake social media accounts – that pretended to be American citizens – to sow discord and sway public opinion.

In addition, the Russian authorities have a history of gathering the personal data of citizens, which is sometimes used to prosecute activists and critics.

Last year, VK (or VKontakte), Russia’s largest social media network, faced repeated criticism for handing over user data to the police and security services at their request. The company says it is obliged by law to do so.

Fears exaggerated?

Yet, when it comes to FaceApp, there does not seem to be enough evidence to suggest that it is collaborating with the Russian authorities or using people’s data for nefarious purposes.

Wireless Lab, the Russia-based company behind FaceApp, has no known links to the Kremlin.

Some media reports suggested that the company had recently relocated from St Petersburg to the Skolkovo Innovation Centre, a government-funded, high-tech business park outside Moscow. However, in a statement to the digital media website Mashable, the firm’s CEO denied that it had ever received “any funding from any funds associated with any governments”.

The Skolkovo Foundation confirmed that Wireless Lab is among its residents, but added that it had not received venture funding or grants and is not affiliated with its investment offshoot, Skolkovo Ventures.

Responding to allegations that data may be handed over to the Russian government, Goncharov said that although its core Research and Development (R&D) team is located in Russia, its “user data is not transferred to Russia”.

Having analysed the app’s hosting records, Forbes drew the conclusion that its data is stored primarily in the US on the Amazon servers rather than Russia. FaceApp told the magazine that some servers were also hosted by Google in Ireland and Singapore.

This does not mean, however, that the Russian authorities will never get access to the company or its technology.

In 2018, a subsidiary of the Russian state corporation Rostec acquired a 12.5 per cent stake in NtechLab, another Russian company that specialises in neural network solutions. Their viral app, FindFace, allowed users to find people on VK using a photo.

After signing the deal, the company shut down the publicly available version of its service and switched to developing compact face recognition cameras for the Russian police.

Share this Post