Is FaceApp safe? A deeper look at the viral hit

(Image credit: Future)

If you’ve been on Facebook, Twitter or pretty much any other social medium in the last few days then you can’t have failed to notice it - FaceApp is everywhere. 

Despite launching way back in January 2017, the app has suddenly received a new lease of viral life. 

But as quickly as it has appeared, the worries about what the company is actually doing with our photos and our privacy have followed too. So, is it time to worry?

What is FaceApp?

Where have you been, grandad? FaceApp is the hot new trend. It's an iPhone and Android app that takes your photos and performs some digitally wizardry to manipulate your face through a number of clever filters. 

The old age filter has become particularly popular because it is available for use in the app for free. It's pretty amazing too, and is able to produce highly convincing results.

(Image credit: Future)

How does FaceApp work?

The app works its magic by using the power of machine learning. This is a new technique that is increasingly ubiquitous in computing. 

Essentially, rather than try to explain to a computer what it means to age - and describe using code what a wrinkle, grey hair or Werther's Originals are - the computer will figure them out for itself by being "trained" with thousands of other photos of old people.

The results are pretty impressive - if not entirely accurate. Run a photo of someone who is old now from when they were young, and FaceApp is unlikely to produce an image which looks exactly like them now.

What data does FaceApp collect?

So this is the important question! As quickly as the app has gone viral, so have the privacy worries. So much so that US Senator Chuck Schumer has called for the FBI to investigate the app. 

And there are many posts going viral on Facebook and other social media urging users to approach the app with caution. 

The worry seems to hinge on the fact that in order for the app to work, the user must grant the app access to the photos on your phone - just like you have to with Instagram or a billion other apps.

What’s worrying people is two things: What this conceivably means is that the app has access to all of the photos on your phone, so if developers chose to do so, they could conceivably tell the app to upload all or your photos to their servers, or pass them on to other organisations. 

What's amplifying this worry is that the company that makes the app, Wireless Lab, is based in St Petersburg, Russia.

So… is FaceApp uploading my photos?

Despite the initial worries, at the moment the evidence suggests that the app is behaving responsibly and not uploading all of our photos. Several other developers have analysed what is being transmitted, and have concluded that all the app is uploading are the photos that the user chooses to apply filters to.

This is because unlike, say, Instagram filters, the photo processing on FaceApp takes place in the cloud. In other words, all the app does is upload the photo and then download the completed stuff - all of the clever digital ageing takes place on servers elsewhere.

The reason for the app working this way could be two-fold: First, this sort of processing is very hard to do locally. The reason machine learning is so powerful now is because processing can take place using the processing power contained within entire server farms if necessary - rather than relying on the processor in your phone.

Secondly, this could help the developers improve their product. They could use all of the pictures we upload to more accurately train FaceApp's machine learning models - resulting in even more realistic photos. And because all of the processing takes place in the cloud, it also means they can conceivably update and improve filters without needing to have everyone update the apps on their phone.

The developers have said that everything that is uploaded is deleted within a couple of days. The reason it hangs on to the data for that long in the first place is apparently to avoid having to process the same images twice: If two people upload the same image (which isn’t unlikely if you want to digitally age a celebrity), it means they only have to have their servers do the hard work of processing the images once.

What do the FaceApp terms and conditions say?

One of the factors that has been amplifying the concerns has been the terms and conditions that have gone viral. And on the face of it, they sound pretty draconian:

"You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. 

"When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public."

Yikes!

What is important to bear in mind however, is that they are not a million miles away from those used by other social media apps. 

The only real difference - and it is significant - is that unlike, say, Facebook or Google, there isn’t an easy way to delete your data from the app. At the moment, you have to email support with a written request - though the developers have reportedly said they are planning to make this easier.

There is also a secondary concern that the app does not comply with the strict new GDPR rules with its advertising. Whether this has merit or not we'll leave to the lawyers - but this isn't really the meat of the privacy concerns.

Should we be worried that the company is Russian?

And this… is the contentious bit. The fact that Wireless Lab is based in Russia is perhaps why FaceApp has attracted the skepticism of politicians more than any other app. And these concerns are not entirely without merit.

Russia, of course, has a fairly notorious recent history of using technology to meddle in international affairs: From the digital operations conducted during the 2016 US election, to hacking the power grid in Ukraine. It is definitely conceivably that Vladimir Putin might see this latest viral sensation as a means by which to access the data of westerners or other adversaries… somehow.

There is no evidence that, say, the Russian government or military is obtaining data from the app or involved in the company in any way, and the company itself has said that data is in fact stored on Amazon and Google's cloud servers outside of Russia.

However, there is arguably cause for concern about the location of the company headquarters. If Vladimir Putin wanted to access the data for some reason (maybe he wants to see everyone’s selfies?), by virtue of the location of the company and its employees, he would have some pretty significant leverage.

So… should we be worried about FaceApp?

Ultimately, with FaceApp we're making the same privacy trade-offs and considerations we make with any other app. When we download Instagram, should we worry that the US government might want to have a flick through our photo albums? Perhaps we might assume there are more safeguards there because America is a functioning democracy.

And what about other apps that are surging in popularity like TikTok? That app, which has made real inroads with young people, is owned by a Chinese company. So there is a strong case for similar reservations there - though because the scaremongering hasn’t gone viral in quite the same way, nobody seems to care.

So is FaceApp safe? As with any app it depends on the risks that you’re willing to take. Perhaps the best takeaway from FaceApp blowing up is that if nothing else, it is a potent reminder that you should check your privacy and sharing settings on every app you download - not just the ones that go viral.