Article Thumbnail

Is FaceApp Really Sending Your Viral Old-Man Selfies to Russia?

Here’s everything you need to know about the hot new app's privacy scandal

Terms and conditions? Never heard of them. I simply don’t have time to read through that jargon — I need to get right to the viral app content. At this point, iTunes has probably had the rights to my firstborn son for more than a decade, and Snapchat is tracking my coordinates to sell to cyber-fascist mercenaries in a future purge of everyone who’s ever tweeted “A.C.A.B.” 

So what’s the harm in downloading FaceApp, the photo editing app that shows users what they’ll look like when they’re older, with a beard or with a fake, toothy smile? It’s currently the No. 1 free app on the App Store, thanks to the viral trend of people sharing their faux-wrinkly daddy selves all over social media. 

The app works much like any other photo-filter app: You download it, give it permission to do whatever it wants to do to your phone, upload a photo and apply your desired facial change. Voila, you’re now an old man. Won’t Chet from the intramural hockey team get a kick out of this!

But you should probably know a few things about all those permissions you granted without a second thought. Let’s then scan through the fine print in FaceApp’s terms and conditions

First off, in order to use FaceApp, you must grant the app permission to access your camera and all of your photos. The ability to function and collect data even when you’re not using the app are also required. That said, the Guardian reports that security researchers have assessed that the app doesn’t actually store your entire camera roll. 

The biggest sticking point might be this: While you remain the sole owner of the content you create and give the app access to, FaceApp is still allowed to do absolutely whatever it wants with said content. 

Specifically: “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully paid, transferable sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”

This is to say, FaceApp doesn’t own your face, but it can distribute and manipulate images of your face however it sees fit. And your friends’ faces. Basically, whoever you point your camera at to test out the filter.

According to FaceApp’s privacy policy, your content won’t be rented or sold without your consent, except to “parties with whom we may share your information,” which includes anyone involved in FaceApp or its parent company. They may, however, sell your cookie data to third-party advertisers to help them tailor specific ads to you.

All of this may not be too different from what we allow other apps to do. Hell, did you know Google is tracking your every move and selling your data to who knows where? Still, there’s one thing in particular that’s freaking people out: FaceApp is owned by Wireless Lab, a company based in — dun dun dun — Russia. Given Russia’s known interference in the 2016 presidential election, there’s some concern about what could be done with FaceApp’s data. In fact, the Democratic National Committee has already issued a security warning to 2020 presidential campaigns telling their staff not to use the app. Will your harmless selfies be used to undermine our democracy?!?!

Probably not. It’s more likely that FaceApp is harnessing your high-quality images to support its AI algorithms with facial recognition, Dave Gershgorn writes at OneZero. And, he argues, we should be more concerned with a bigger social network: “Facebook clearly leverages user images for facial recognition. In a 2014 research abstract, the company outlined that it had a facial dataset of more than 4 million images — and again, that was five years ago.”

FaceApp also responded to some concerns yesterday, saying that while the company is based in Russia, user data isn’t transferred there. Further, most user images are deleted from the cloud within 48 hours, and the app never uploads content not selected by users… or so it says. Who knows what Wireless Lab could want to do with your data in the future. In five years, it might use your likeness in an ad for a hemorrhoid cream it somehow acquired, and there’s nothing you’ll be able to do about that. 

So while you don’t really need to freak out about giving foreign agents the tools to undermine the country, keep in mind that choosing not to download these apps is basically the only agency we have left as private citizens. Maybe don’t get lured into surrendering your personal information for an app that kind of sucks anyway?