You might want to rethink trying out FaceApp – the app that purports to age your face – but it’s really just the tip of the user-beware iceberg.
FaceApp is the latest online craze that turned into an online panic when a developer warned that the app, based in Russia, could take photos from your phone and upload them to FaceApp’s server without your permission, or build a secret database of users’ faces.
Of course, most of the panic stems from the fact that FaceApp is based in St. Petersburg, Russia. You might very well ask, “What does a Russian company want with my photos!?” However, FaceApp isn’t doing anything particularly unusual in its code or traffic that something like Facebook or Google can’t also do.
Forbes covers this issue in the article, FaceApp: Is The Russian Face-Aging App A Danger To Your Privacy? In the article, a security researcher downloaded the app and checked where it sends users’ faces, and found FaceApp only took submitted photos – those that you want the software to transform – back up to a company server.
Forbes also confirms the servers for FaceApp are based in U.S. Amazon data centers. There are also third-party code servers involved in FaceApp, but these are based in the U.S. and Australia.
It’s unclear how much access FaceApp employees have to the photos being uploaded. In 2017, Yaroslav Goncharov, an ex-Yandex executive and CEO of FaceApp, told The Verge that photos uploaded to the app are stored on the company’s servers and deleted soon after.
That still doesn’t mean there’s any guarantee that the company deletes the photos. However, as we note above, other apps, such as Google, Facebook, and Instagram, do the same thing. The difference is they aren’t Russian based, and we’re used to hearing their names.
The key to downloading apps and uploading your photos online is to read the privacy terms and decide if it’s worth the tradeoff. It’s fun to see what you look like at 75, but you have to forfeit your face, and perhaps your privacy, to do it.
UPDATE: In a statement to TechCrunch, FaceApp said it accepts requests from users to remove their data from its servers. The team says it’s currently “overloaded,” but users can send the request through Setting>Support>Report a bug with the word “privacy” in the subject line.