Despite all of the warnings that you have seen, it is possible to use FaceApp without incurring significant privacy risks.
Here is how:
What is FaceApp?
Over the past few days, FaceApp – an Apple and Android app that can alter a photograph of someone to make him or her appear much older (and that can perform other image manipulations)– has gone viral. While the current FaceApp is not the first app to offer artificial aging of people in images, the Artificial Intelligence that it employs appears to produce far more believable results than were achieved by earlier, alternative offerings.
Many cybersecurity and privacy experts, however, have warned users that using FaceApp may create serious privacy problems. FaceApp’s terms and conditions state, for example, that by using the app you “grant Face App a perpetual, irrevocable, non-exclusive, royalty-free, worldwide” license to “use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute and display your content” and that FaceApp “cannot ensure the security of any information you transmit to FaceApp or guarantee that information on the service may not be accessed, disclosed, altered or destroyed.”
In short, these terms mean that FaceApp has the right to sell or use any data that you provide to it, for essentially any purpose that the firm so desires, and that it neither has to pay you for such rights, nor is it responsible to ensure that your data is protected from nefarious parties who may steal your images and associated information and use them for purposes harmful to you.
Furthermore, the FaceApp requires access to photos – meaning that, in many cases, FaceApp could transmit all of the photos on your device to FaceApp servers – and, thereby, make all of your images usable and sellable by the company. The app also does its processing in the cloud – not on people’s devices – something especially concerning because the company is based in Russia.
I also suspect that the app has European users, and it does not appear to me to come close to meeting European data privacy (i.e., GDPR) requirements.
The Warnings Likely Exaggerate The Current Risks
All of the aforementioned points may add up to a picture that sounds scary – but, in reality, as it currently works, FaceApp does not actually transmit to its servers any photos other than those that you specify, it processes images on servers at Amazon Web Services and Google Cloud – not at some Russian provider, and the company claims that it deletes most images within 48 hours. Of course, many images of people already appear on the Internet – in many cases in venues that effectively correlate the photos to their names and other personal identifiers – so, for many users, every piece of data and relevant correlation information that they send to FaceApp’s systems could easily have been obtained online had the folks not used the app.
Furthermore, in terms of FaceApp’s terms and conditions that give it rights to any uploaded photos – the app does not appear to make any substantial effort to verify that the person uploading a photo actually owns the rights to the image, meaning that if the firm were ever to assert rights by selling the images it could find itself in hot water.
But, yet, big concerns – perhaps even bigger than those being discussed throughout the media – remain.
Serious Concerns Remain
With its current terms and conditions in place, the company behind FaceApp could change its practices vis-à-vis collecting and storing images – and, could potentially do so at any point in time without warning. If the app has access to your entire camera roll, it might copy all of your images, and the firm behind it might well be justified in claiming the right to sell or use all of those that you own as it sees fit. After all, if you installed the app, you did agree to such terms. On that note, keep in mind that FaceApp’s maker also warned you that “it cannot ensure the security of any information you transmit to FaceApp.”
Additionally, we must ask ourselves why a company that ostensibly must pay for processing power at Amazon or Google anytime someone uses its app would give tens of millions of people the ability to run the app at no charge. Clearly, the business must be getting something in return – and while the firm is under no obligation to clarify for the public how much of its revenue it generates from in-app purchases versus other means, it is not hard to imagine that user data might factor into the equation now or at some point in the future. As such, beware.
How Can You Safely Use FaceApp?
Of course, you may still want to use FaceApp – so, how can you safely do so?
If you want to use FaceApp, here is one way to dramatically reduce your exposure to privacy risks: Simply create a new Google or Apple ID, configure an old phone that has no data on it (e.g., after a factory reset) to use that ID, install FaceApp, and use the App to process a picture (or pictures) of yourself that are already available online to the public, and that already are associated with you. The app may still be able to garner some information about you, and any images that you submit will become usable by the app’s maker if it can establish that it was you who sent them in – but, your exposure to entire camera rolls being captured, correlation to other data on your phone, etc. will effectively be zero.
Furthermore, if instead of you submitting your images, someone else who does not have rights to them does so, you may better protect your rights to your images than if you did the submitting. (Please do not take that as legal advice – I am not an attorney.)
You can also specifically ask FaceApp to delete images from its servers, by sending it a message via its bug reporting feature: Click “Settings->Support->Report a bug” and send a message with “privacy” in the subject line.
And, yes, as shown in the image at the top of this article, if I say that it is safe for you, I would do so myself.