FaceApp privacy concerns: is the app stealing your photos?

Is viral aging app FaceApp stealing your photos and sending them to Russia? Probably not. But you should still be concerned.


Screenshot (63)


FaceApp has gone viral again after the app introduced a feature that allows one to see what they would look like in a few decades. The app was highly popular back in 2017 when it was first released but the hype slowly died down over time. However, it’s back at full force, and so are privacy concerns.

What’s the hype with FaceApp

FaceApp is a mobile app that uses artificial intelligence to make realistic transformations of faces in photographs. Released in 2017, the app allowed to change a person’s appearance in a photo, such as changing gender, adding make-up and facial hair, changing hairstyles or hair color, etc. It recently added an aging feature that makes a person in a photo look decades older. The app went viral again after celebrities like Drake, the Jonas brothers, Kevin Hart, and Gordon Ramsay started posting their aged photos.

Is FaceApp stealing all your photos and sending them to Russia?

Soon after the feature was added, the app made headlines for all the wrong reasons. Privacy enthusiasts and cybersecurity specialists started pointing out that by using the app, users are giving the company behind the app lifelong license to use the image. Essentially, it could do anything it wants with your photo. To add fuel to the already intense fire, the company behind the app is Russian-based Wireless Lab. And what’s more, allegations about the app being able to access all photos in the phone started appearing, creating even more panic. The last allegations has been proven to be not true, and no evidence was found to support the claim. But the app still has the rights to the photo you uploaded.

Because the developer of FaceApp is a Russian company, there were fears that photos uploaded by users are being used by the Russian government. It was later revealed that the photos are uploaded to Amazon-operated cloud servers. In a statement to TechCrunch, the company also explained that no user data is transferred to Russia. Furthermore, logging in is not necessary in order to use the app, thus the company cannot identify the person in the photo even if they wanted to.

So if FaceApp isn’t stealing all your photos and sending your data to the Russian goverment (at least they claim not to), should we forget about this whole thing and move on? Definitely not.

The bigger issue

That is not to say that FaceApp’s privacy terms are not alarming. By all means they are (as pointed out by CNET’s journalist Ry Crist on his Twitter account), but they aren’t unusual. Billions of people upload their photos to Facebook, Instagram, Twitter, etc., and do not know what becomes of those photos once they are uploaded because they have not read the Terms of Service or Privacy Policy. For example, Facebook’s Terms state “that if you share a photo on Facebook, you give us permission to store, copy, and share it with others such as service providers that support our service or other Facebook Products you use”. You can find similar clauses in most popular services and apps, but people are still uploading their photos and sharing their data.

Many people are so unconcerned about their own data that they download questionable apps from all kinds of sources and allow nearly full access to the device. If you were to take a look at your phone, how many apps have access to all your photos? Your location? Contacts, messages, etc.? Do they need that access, likely not. Facebook messenger does need access to your photos so you can send them, to your microphone and camera so you could video call, but does it need your location? So if you are concerned with how FaceApp manages your data, take a look at other apps you have installed, and you probably won’t be too pleased with what you find.

So yes, you should be careful with FaceApp, but that extends to every single app out there. What lesson should we all take away from this whole FaceApp mess? We need to protect our data because companies that make money out of it sure aren’t going to do it for us.