FaceApp is displayed on an iPhone. (AP)
FaceApp is displayed on an iPhone. (AP)

Worry lines: Are photo apps like FaceApp a privacy threat?

  • By engaging with the app, shutter-happy users face the risk of forgoing copyright to their faces
  • Shutter-happy selfie enthusiasts should be more cautious while using any photo app or platform

On the face of it, Russian company Wireless Lab-owned FaceApp, is a harmless and fun app to play with. Its old-age filter, for instance, uses neural networks—machine learning algorithms that are loosely modelled on the human brain to decipher patterns from mountains of data—to estimate and show what a younger person will look like when they grow older. You can do similar tweaks with your hair style or even gender.

However, while the app has been in existence for nearly two years, and is similar to Microsoft’s Guess My Age app that was also very popular, raised alarm bells last week, triggered by software developer Joshua Nozzi’s tweet cautioning users to be careful with the app.

According to cybersecurity company Forcepoint, a major concern with the app’s terms and conditions, as was highlighted by many users, is that by using the app, people were handing them over the permission to use their edited photos anywhere, including for commercial purposes. Besides, the app uses photo processing in the cloud for better performance, which means photos captured by users gets uploaded on the servers.

While some claimed that the company uploaded the entire camera roll on cloud without permission, many felt uncomfortable with a clause in its terms and conditions which gave the app the permission to use their data royalty-free for as long as they wanted.

In an official statement, FaceApp’s Russian founder Yaroslav Goncharov clarified that the app stores the photos users have uploaded on the cloud for a short duration for better performance and the images are deleted within 48 hours. Regarding concerns that it uploads the entire camera roll, the company said the app only uploads photos selected by users.

Also Read | The fuss over FaceApp could be just another US-Russia face-off

Things calmed down after a French security researcher who goes by the alias, Elliot Alderson, confirmed that FaceApp only uploads photos users decide to edit using the app and the only other data it captures is the device ID and model name. “Alderson’s findings should go some way toward easing people’s fear of FaceApp, but it’s worth noting the app’s terms of service state FaceApp can use your photos any way it sees fit," says Steve Symanovich from Symantec.

FaceApp is simply a case in point. Privacy concerns with photo apps is not new and there have been privacy breaches involving photos on social media platforms like Facebook too.

Instagram, for instance, also requests access to a phone’s camera roll. Snapchat also uploads photos on the cloud before deleting them. “By using the app, we may be surrendering copyright to our face, and there are implication of reselling your face or reusing your face for commercial applications," says Alvin Rodrigues, senior director and security strategist at Forcepoint. Users must be careful when reading the terms and conditions and should understand what they are getting themselves into, cautions Rodrigues.

In March 2019, International Business Machines Corp. (IBM) was found to be using millions of publicly available photos, taken from image hosting platform Flickr and used for an earlier research, to train its facial recognition systems without the knowledge of the users in the photos or the photographers who had captured them.

According to latest news reports, Google is asking people to share their own facial data with them in exchange for a $5 gift card. The data will be used to improve the next generation of facial recognition technology that Google is building to unlock it’s Pixel phones. The reason: Face recognition platforms need a larger set of face photos to train their algorithms and they can only get them through social media or apps that are being used to capture or edit selfies or user photos as most research-based data sets are very limited.

“The dark side of apps using facial recognition function are numerous and will only increase as hackers will discover loopholes and vulnerabilities in them. With recent advances in 3D printing, anyone can print a realistic copy of a person’s face," says Shrenik Bhayani, general manager-South Asia, Kaspersky Labs.

Facial recognition systems are now being widely used by government agencies and corporations for surveillance. Last year, photo-book service Shutterfly was accused of adding users’ photo to its database without their consent, points out Bhayani.

While new regulations like the EU general data protection regulation (GDPR) are reining in tech companies by enforcing new privacy norms, shutter-happy selfie enthusiasts should be more cautious while using any photo app or platform. “Caveat emptor" still remains sound advice for users.

*****

Tips to keep your photos secure

• Be more careful before sharing close-up shots of your face

• Frequently review the permissions a photo app wants

• Read terms and conditions carefully and how the apps will use your content and photos

• Use reverse image search platforms such as labnol.org to keep track of your photos online

Close