SLC Cybersecurity Expert Says FaceApp’s Data Gathering Is Concerning, But Not More So Than Other Social Networks

SALT LAKE CITY, Utah – A cybersecurity expert said users should scrutinize how mobile apps use their data, but they should not necessarily be more concerned about FaceApp than any other social networks.

FaceApp, made by a company headquartered in Russia, runs photos submitted by users through an artificial intelligence program that can, among other things, make them look decades older. The app has spiked in popularity this week. As more people use the app, some people raised concerns about how FaceApp handles data.

Aaron Sherman is the director of cyberthreat intelligence at Salt Lake City-based Braintrace. He decided to take a closer look at the app when his daughter downloaded it.

“When it comes up, it loads up pretty slowly. In my mind, it looked like, it seemed like, ‘Is this app surreptitiously downloading my entire photo album and putting it somewhere in the cloud in Russia?’,” Sherman said. “We had our team do some network traffic analysis, looking at the phone when it was going through this process. We were able to confirm that, in fact, that is not occurring.”

While the app does not upload your entire camera roll to its servers, Sherman did find some things in the apps privacy statement concerning. While the app’s privacy statement say it deletes most photos after 48 hours, there is no guarantee your photo will not remain on their server. The app also gathers a lot more information than just a photo.

“They collect all information as far as web browser history, information about your phone, your actual device identifier, so they could identify your particular device,” Sherman said. “All that put together, along with a photo, it’s pretty concerning that that information’s out there,”

The privacy statement says the company may share data with other companies that are affiliated with them, but does not say which companies those are. The terms of FaceApp also detail what permissions users are granting the company with respect to their pictures.

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public,” the terms read.

While Sherman says users should be concerned about the way apps use their data, they shouldn’t be any more concerned about FaceApp than any other social networking platform.

“This is pretty par for the course. FaceApp, there’s nothing that they’re doing that seems to be an egregious violation of privacy of anybody,” Sherman said. “There’s other major social networking organizations here in the United States that collect way more information about us and we provide a lot of information and they share it and sell it. There’s a lot more privacy concerns with other companies,”