FaceApp and data theft
With more than 700 thousand installations per day The FaceApp mobile application is suspected by a US Senator to collect user data, transfer it to Russia and sell it to third parties.
The FaceApp mobile application is available on iOS and Android it’s been years and since 2017, FaceApp has been growing in popularity for several weeks now with thousands of installations per day. This application allows users to change their faces on their selfies through new technologies like artificial intelligence. For example possible to get old or to get younger, change skin color or add accessories.
On the other hand, behind its features and its fun and light character, FaceApp could represent a real danger to confidentiality. US Senator Chuck Schumer has just asked the FBI and the FTC to look into the data collection practices of the application …
However, The Senator expresses his fears in a letter to FBI Director Christopher Wray and FTC President Joseph Simon. As he points out, to use the application, users must grant him full and irrevocable access to their personal data and photos.
By reading the conditions of use of FaceApp, one realizes that the users allow the application to use or to publish content shared with it. This concerns in particular the pseudonym or even the real name of the user, and the latter will not be notified in any way.
The Senator is also concerned that the developer does not specify how long the data of FaceApp users are kept, or how the user can ensure their removal after use. Chuck Schumer believes that these are “dark patterns” that can mislead users or even constitute a false business practice.
These concerns are also related to the fact that FaceApp’s servers are located in Russia. When the user wishes to modify a selfie, the treatment is not performed. It is done via the cloud, on the servers of the company. In fact, it is not clear when and how the developer allows access to user data to third parties and potentially to foreign governments.
So, FaceApp is not a Machiavellian strategy of Russia to establish a database on US and European citizens. However, it is impossible to ensure that the developer tells the whole truth