Summary:
Throughout the Summer of 2019, our social feeds got a facelift as friends and celebrities posted aged pictures or selfies of themselves. FaceApp, a free photo editing app, uses Artificial Intelligence (AI) technology to apply several quirky filters to the photos you upload from your mobile device’s camera roll. It quickly went viral, becoming one of the most downloaded apps for both IOS and Android, with over 150 million downloads.
As FaceApp grew in popularity, so, too did concerns from cybersecurity experts regarding the app’s privacy policy. We started to see unease in the news, over the possibility that the technology behind apps like FaceApp can store or expose the vulnerable facial recognition data of millions of individuals worldwide. Generally speaking, mobile device users should be careful of the apps and services they may be permitting, albeit unknowingly, to gather and store their personal data.
Let Me Be Me: Biometrics and Personal Privacy at Stake
We all tend to scroll quickly through the Terms and Conditions of apps without really understanding possible threats regarding how our data is collected and shared. Your photos and biometrics, like other personally identifiable information (PII), is valuable to cybercriminals and identity thieves, because it can be used to authenticate various accounts and devices. According to an IBM Future of Identity Study, more than half of all consumers have concerns about data collection and how it is applied, including the potential for cyberthieves to use spoofed biometrics to access sensitive information.
FaceApp’s popularity, and its privacy policy, gained the attention of United States government officials who have stepped in and requested the FBI and FTC take a more in-depth look at the app’s safety. For example, the aging filter in FaceApp is powered via cloud-based technology, raising some worry as to where the photos are being stored, and for how long. FaceApp responded to the concerns, indicating most images are deleted from its servers within 48 hours, and while the company is headquartered in Russia, it doesn’t transfer user data to Russia and it does not share or sell data with third parties.
Before downloading the app, keep in mind that under its privacy terms, you are permitting FaceApp to have perpetual and irrevocable permission to “access, collect, monitor, and store” the following, every time you open the app:
- All photos or other content that is uploaded to the app (and it’s been reported that there was a security flaw enabling full camera access; however it is a known functionality of iOS devices to allow apps individual photo access without granting full photo album permissions)
- Cookies and data that identifies your device to share with third-party advertisers to deliver targeted advertising
- Your IP address, browser type, pages visited, clicks of links, domain names, and what emails you open in connection with the app
Get Ahead of Mobile App Security
Many free mobile apps have privacy policies that we often ignore without realizing the consequences. When creating a new account or downloading a new app, you are frequently asked to agree to the Terms and Conditions. In a hurry to proceed, we don’t stop and consider that once we click “accept” we legally hand over control of the collected information to the company behind the app and possibly unknown third parties.
If the shared photos and personal data gathered by these apps were to be breached and sold on the Dark Web, an identity thief would be armed with the information necessary to commit synthetic identity theft. This risk is especially true for our children providing access to social media and free apps such as FaceApp. For iPhone users, Family Sharing helps parents control which apps their children are purchasing by having the “Ask to Buy” feature. Using this feature, children must gain parental consent before actually downloading any app to their device.
What can you do right now to keep your own device secure? Stay a step ahead of privacy policies and update your mobile app permissions, restrict access to your photo library, and dig into what kind of permissions you are allowing.
