FaceApp owns access to images of over 150 million users’ faces and names, according to a Wednesday-published Forbes report.
Owned by Russian parent company Wireless Labs, FaceApp is a popular mobile app allowing users to add visual effects to photos of their faces to alter their facial expressions, look, and appearance of age.
FaceApp have been downloaded by more than 100 million people via Google Play on the Android platform, and by over 50 million people across other platforms including Apple’s iOS. It was launched in 2017.
Users grant FaceApp license right to use their aforementioned data in perpetuity. Its terms of service include the following clause:
You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.
Wired addressed the Forbes report in a column titled, “Think FaceApp Is Scary? What Till You Hear About Facebook”:
The response to FaceApp is predictable, if only because this cycle has happened before. FaceApp went viral when it launched in 2017, and prompted a similar—if far more muted—privacy kerfuffle. But compared to Meitu, that year’s other viral face manipulator, which is quite a phrase to type, FaceApp was downright saintly in its data collection. At least FaceApp didn’t access your GPS and SIM card information. More energy was directed at bigger problems, like FaceApp’s blackface filter. (Yep!)
Wired advised reader to be vigilant about protecting their data in all circumstances:
You should ask questions about FaceApp. You should be extremely cautious about what data you choose to share with it, especially something as personal as photo of your face. But the idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny—including, and especially, the ones you use the most.
FaceApp released the following statement in response to the above-mentioned reports:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.