Should you be afraid of using FaceApp? Even PM Lee is wary

If your social media timeline has been looking like a nursing home lately, you have FaceApp to thank for that.

A product of Russian company Wireless Lab, the “AI face editor” app for iOS and Android has actually been around since 2017 and only recently came to popular usage after celebs started putting up selfies of themselves looking old AF through FaceApp’s filter. 

As charming and amusing as the app is, the way FaceApp’s tech works has been up for question of late. You see, it doesn’t alter the image of your face within your phones — the app takes your photo, sends it to its servers, carry out some (scarily precise) artificial-intelligence sorcery on it, and sends it back to your phone. Feel free to chortle about your wrinkled visage and post on social media, but just know that FaceApp will keep a copy of your image somewhere, with some (if not all) of the metadata from the photos. 

Plus, there’s the Mother Russia angle. Associated with online disinformation, hacking, espionage and general privacy concerns, it shouldn’t be surprising that the internet is now rife with declarations that FaceApp is a nefarious plot by Russians to steal your data. US politicians — intensely paranoid about Russian interference — are already calling for investigations into the app. 

[[nid:456813]]

"FaceApp's location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments," US Senate minority leader Chuck Schumer noted. 

Closer to home, even Singapore’s own Prime Minister Lee Hsien Loong advised folks to stay woke about letting FaceApp have access to your mug.

Just how safe is it?

Thing is, FaceApp’s privacy statement in their terms of service is kinda vague. Yes, you do own the rights to your content and the developers can’t claim ownership of any user content. The thing that raises eyebrows is this declaration: 

"You grant FaceApp a perpetual, irrevocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.” 

[[nid:456623]]

TL;DR — FaceApp can repost your images for monetary purposes whether you give consent or not. They don’t own your content, but doing whatever they want with your content is well within their legal rights. Even after you delete the app. 

Now we don’t know what exactly FaceApp will do with the millions of altered and unaltered images uploaded by its millions of users. Considering that FaceApp now possesses something as personal and intimate as your facial data is something to pay attention to. 

Suddenly, gender-swapping/age-accelerating/beard-installing filters on your face might not be as harmless as you’d think.  

FaceApp responds

In a statement to TechCrunch, the company made it clear that the pictures we upload on the app don’t stay permanently on its servers — or so they say. 

“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation,” FaceApp assured. 

“Most images are deleted from our servers within 48 hours from the upload date.” 

While the core R&D team may be located in Russia, user data is not transferred to Russia, asserted FaceApp. Its servers are based in the United States — Amazon data centres to be exact. Interestingly enough, some FaceApp servers were hosted by Google across other countries, including Ireland and Singapore, Forbes reported.

In other words, it’ll be pretty hard for Russian intelligence to demand user data from FaceApp as they’ll have to make requests to Amazon. Plus, they claimed that user data doesn’t get shared with third parties. 

All filtered out

So what do we take away from all this? It’s fine. Although FaceApp could do a better job in being truly transparent on what it’s doing with your content, playing around on the app doesn’t exceed the risk of data misuse more so than any other platform that you’re already uploading pictures to. 

[[nid:456396]]

Facebook, for one, has similar stipulations in its terms of service. The tech giant is also granted “non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content,” but you don’t see a lot of people complaining about it. 

China’s face-editing app Meitu scrapes user data like GPS locations, jailbreak statuses and LAN IPs. Earlier this month, it was revealed that over 1,000 Android apps are sneakily collecting user data without their permission — which thankfully should be harder for them to pull off when Android Q launches later this year. 

But baby steps. If you’re concerned enough to remove your data from FaceApp’s servers, there’s a way to do so. If not, cool! Keep putting virtual bangs on your selfies or something. At least FaceApp’s way past the stage where they thought that altering selfies with “black”, “Indian” and “Asian” filters was a good idea. 

ilyas@asiaone.com