So what can FaceApp do with your 150 million faces?
FaceApp isn't that funny anymore. In a span of weeks, the face-altering app has found itself at the top of the app store, with frightening amount of freedom and power over users' data and information utilization. Developed by Russian company Wireless Lab, FaceApp has seen over 150 million downloads and its hilarious edits seen all over social media.
FaceApp isn't a new application either, it's been around for over two years. Back in 2017, it focused on transforming faces, adding a smile or cosmetics with uncanny realism. Its race-altering filters sparked a great deal of controversy as well, forcing the company to remove the feature completely.
Today's FaceApp controversy centers on the app's privacy policy. While it's been there since 2017, times have changed and its sudden rise to popularity has made users a little worried. We live in a time of data paranoia. Security threats like Russia's meddling with the U.S. elections and concerns of Chinese espionage using Huawei have made us all a little more privacy-wary.
What FaceApp takes from us
And with good reason; Using FaceApp offers the company plenty of personal data. Your faces, for starters, are stored on their own servers. Processing isn't done locally on your smartphones but in their own database, where the rest of the 150 million faces are also processed. This is the only permission requested when you install the application, raising concerns on the rest of the rights FaceApp claims in its T&Cs.
But written on its lengthy terms and conditions page, details the rest of the information FaceApp can extract from your phone. Web beacons are planted around their app to track how you interact with it. This includes the sites you link to from the app itself.
You also give FaceApp the right to do virtually anything they want. It says here: "You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you."
And this is what's caused the alarm bells to ring amongst concerned netizens. Let's break down what could happen next:
What FaceApp could do with your data
But before that, here's what probably won't happen. For now, we have no reason to believe all this data will be extracted by the government for some "backdoors" espionage. As fishy as processing our photos in their own servers sounds, cyber-security researchers explain it makes sense on a business perspective. When performed externally, the photo processing code is hidden, making it difficult to copy. It also makes piracy harder. Local processing on phones also sucks up more battery power and internal storage.
FaceApp also maintains that only photos uploaded are kept by the company – and "most images are deleted from our servers within 48 hours from the upload date," said chief executive Yaroslav Goncharov.
They also said user data will not be shared with any third parties. This news should've put most of our anxieties to rest – but what about the T&Cs? Did we not give FaceApp "perpetual" rights to use our data as they fancy? The short answer is yes. While they're saying our data is staying with them for now, none of this prevents them from using our information for commercial purposes should plans change in the future.
This data will likely go into facial recognition R&D. It's part of FaceApp's "how we use your information" list after all, to "develop and test new products and features." This may help anyone off their future clients improve their algorithms for quicker and more accurate biometrics.
FaceApp's terms and conditions also make it clear that targeted advertising is one of its goals. It embeds Google Admob, which serves Google ads to users, so you can expect new ads to pop up on Google based on the data received by FaceApp. The kind of ads aren't disclosed, but our guess is cosmetics, dermatology and hair treatment companies will be first in line for FaceApp's precious data.
So can we trust FaceApp?
We've cleared some of the misconceptions and made some speculations about FaceApp. For now, nothing seems outstanding malicious – of course, how much you trust the Russian app depends heavily on your political standing.
Ironically, FaceApp isn't too different from the other social media platforms we use. Facebook, Twitter and Instagram for example have rights over the content you put up. Basically, we need to accept just about anything you put up online no longer belongs to us.
Much like most other social media sites, FaceApp's T&Cs are just as vague and lengthy. They exploit consumers' common disregard of extensive fine print, using our apathy to reserve more options and "rights" for their business in the future. Many of these points may not be relevant to their business now but can be used next time.
For us, this means there is little we can do legally should FaceApp utilize our data. This saga is another reminder that we ought not to take fine print lightly. Companies are always out to sneak more profitable information out of us – regardless of ethics – and in times like these, it is up to us to look after our own security.