FaceApp first released back in 2017
FaceApp is not new – the app originally released back in 2017 and made a name for itself by allowing users to realistically alter images, such as by making a person smile.
But, most recently the software has soared in downloads from users eagerly wanting to see a depiction of the themselves in the future.
Just like a number of other photo editing apps, FaceApp requires users to upload a particular image in order to alter it.
The software will then process the picture in order to produce the desired change.
However, unlike most other apps of its kind, FaceApp does not perform its processing on a particular device.
Instead the app, that is developed by a team in Russia, sends photos to its servers to perform the editing process.
Speaking with TechCrunch, the creators of the app, Wireless Lab, said it “might” store users photos in its cloud severs and is done so for “performance and traffic”.
In a statement, it said: “We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation.
“Most images are deleted from our servers within 48 hours from the upload date.”
During its second spike of popularity, some users have expressed worry about the app downloading an entire photo catalogue on their phone, rather than just a single image.
Will Strafach, the founder and CEO of privacy app Guardian Firewall, attempted to test if this was the case.
He said: “Using a network traffic analyser, I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur.
“However: they do appear to upload single images in order to apply the filters server-side. While not as egregious, this is non-obvious and I am sure many folks are not cool with that.”
Security researcher Jane Manchun Wong also analysed the app and said she was “not seeing much fishy in FaceApp”.
She did however express the desire for “an option for users to delete their photos from the server”.
However, FaceApp has declared it does accept requests for data removal and requires users to send one from within the app itself.
It explained: “We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority.
“For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line. We are working on the better UI for that.”
Express.co.uk recently spoke with McAfee Chief Scientist and fellow Raj Samani about the risks of using third-party apps on smartphones and potential security concerns associated with sending images to a cloud server.
In response, Samani provided users with four tips they should take into account before using third-party software, such as FaceApp.
FaceApp has gone viral for its filter that allows users to make themselves look older
1 – Pay attention to permissions
Samani was eager to highlight the amount of data smartphones contain such as photos, videos and location information to name a few.
The Chief Scientist emphasised any app can gain access to this kind of data if a user grants it the permission to do so.
Inciting users to understand and recognise the importance of permissions, he said: “While it may initially seem private, the terms of service from some of these apps may raise some concern around privacy since they do not make entirely clear on what is happening behind the scenes.
“When users grant certain permissions through the app, the company may use for their own benefit.
“Our mobile devices today carry an incredible amount of data about us, including personally identifiable information to our location information, browsing habits, search results, content consumption, and our photos and videos.
“Most, if not all of this information can be accessed by 3rd party apps subject to the permissions users grant to that app. This makes it incredibly important for users to pay close attention to the kind of permissions any app is requesting.”
FaceApp is developed by a team in Russia
2 – Users choose to give their photos to FaceApp at their own will
Samani noted cloud security “begins with the user”, informing individuals if they do not want FaceApp to obtain their photos, they should not upload them to its servers in the first place.
He declared: “Cloud security generally begins with the user and not the cloud itself – the fact remains that FaceApp gains access to the user’s photographs by the user’s own will.
“Once the photograph is with FaceApp, it is up to them how they choose to handle that content.”
FaceApp, like many third-party apps, acquires data from the user in order to function to its best degree.
The McAfee Chief Scientist and fellow urged users to look out for the information an app is asking for access to and if it asks for further data after such time.
“Consumers should look out for the following which a typical app could request for personal data, ranging from names or usernames to pictures in addition to location data and browsing habits
“Users should also look out for any prompts to agree to a new set of terms and conditions. Why are they being updated and what are the changes?”
FaceApp does not perform its processing on a particular device
4 – Do your research before you download an app
Samani iterated the importance of researching a particular app before it is downloaded.
He said this will allow individuals to see if any “red flags” have been raised about the security of a programme.
The McAfee Chief Scientist noted: “Before signing up to any app, users should do some research and look out for any red flags that have been raised around its security.
“Make sure you always read the privacy terms and conditions when signing up to ensure that your personal data isn’t shared with anyone you don’t know or trust. It’s also important to be aware of how your data could be used and accessed by third party sites and apps.
“In addition to Google and Apple’s own OS interface, there are reputable security apps that can assist users in determining what permissions are being sought and help them analyse which apps are cause for concern.
“Overall, it’s a good security habit for all consumers to only share personal data when it’s absolutely necessary.”