The new FaceApp trend

What do you guys think about the new FaceApp trend? “They’re creating the images using the “old” filter of an app called FaceApp, but there are also some privacy concerns”. Maybe this will be a topic on the upcoming How They Got Hack!

Let’s start with the fact that FaceApp was not created yesterday. Works since 2017. The principle of the application is simple. You take a selfie and you can change your face; add a smile, change the color of the skin, or just - give the characteristics of an elderly person. Why, since the app has been running for 2 years, is it just loud about it today? Because three days ago its marketers launched an advertising campaign in the USA called #AgeChallenge.

Is FaceApp a threat?
Yes. And not. It depends…

Let us remind you that in 2016 (ie even before FaceApp) the world was enchanted by the Prisma application. Also from Russia and also asking for access to “photos” on the phone. Because - it is probably clear - that applications such as Prisma or FaceApp could process someone’s photos, they must first ask for permission to access “Photos” on the phone. And it scares some of them, because they think that such permission immediately means that the application will transfer gigabytes of photos from the phone’s memory to Putin’s headquarters …

Apart from the privacy policy, the FaceApp application actually processes our images on the company’s server side, that is, sends our photos to the authors of the application and may store copies of them. It is difficult to say whether he is actually doing it. It is also worth noting that image processing on the server side, in this case, makes sense for performance reasons (on the phone we do not have the computing power and the material on which the neural network learns how to process images).

The application does not use any rights that do not make sense from its business point of view. It asks, of course, for access to our photos and the camera and the internet. These permissions for each iPhone user can check (and cancel at any time) by going to the settings and clicking on FaceApp in the Application section.

If we want to create black scenarios and conspiracy theories, it is worth noting that the majority of people in the first place process their selfies in the application. The authors can then find out how we look and find on this basis our other photos on the internet, including our social profiles, which will allow them to profile our person (eg interests, political views, etc.) - eg using the Russian application for face recognition. In addition, on the photos uploaded to FaceApp you can run image recognition algorithms

Or that we put all the photographs after midnight, from one area (photos have GPS coordinates stored in the place where they were
made), and this area corresponds to the district with pubs, and in addition to almost every one of them we hold beer of one brand. This profile can be used to show us profiled ads in
while using the application or reselling our profile to other companies (eg advertising networks). Or to create a face catalog by Russian services - although here it is worth noting that the special services (of any country) will be more useful to other data, which these services have been laboriously gaining in past attacks. Yes! The services of other countries may already have your data more sensitive than just what your face looks like. Recall that the US recently lost such data in attacks as:

  • financial data on the majority of working Americans, breaking into Equifax
  • personal data (including medical) on government employees, breaking into OPM
  • medical data of Americans from one of the insurers, so-called Anthem hack
  • Emails from Yahoo mailboxes
  • information on critical infrastructure, energy sector
  • data on electoral preferences, from Facebook, so-called Cambridge Analytica

Coming back to the FaceApp application, for now there is no credible evidence that the app is actually suspicious and does something more than it declares. However, one should always be aware that what we upload to the internet is there forever and can be publicly available to everyone.

In conclusion: yes, the application was created by the Russian. Yes, it can pose a threat to privacy, but no more than other applications of this type that we are eagerly using. For now, it was not observed that the application reached for more data than necessary to process one selected by the user. But it’s technically possible. Everything really comes down to being aware that even if the application was not created by the Russian, then with our data the creator can do much (wrong). Therefore, we have a request: if you are afraid of the Russians, think of any application maker as a Russian who is a close associate of Putin. If you’re afraid of Martians …

In the case of FaceApp, do not panic, because for now there is no reason for this, but always think about whether to give any application access to your data, especially in exchange for such mundane profits as adding a few gray hair on your head. We will emphasize at the end that it is not our intention to defend FaceApp creators, but only to draw your attention to the fact that so many other applications work, some of which you use every day. We are a little sad that people start thinking about the privacy of their data, only when they see Russia in their privacy policy.

When in doubt don’t go there. These things are meant to amuse and thereby compromise the clueless.

1 Like

I was Wrong on The Internet when I raised alarm over FaceApp. It blew up. People got mad. Here’re the highlights.

So many people focus only on the photos. Sticking with that for a moment, I do think a massive database of faces would prove extremely valuable to facial recognition developers. So even if he isn’t selling the data today, the terms leave it wide open for him to do so in the future.

More importantly though is the amount of information apps have access to just by being installed on the device. Even if you lock them down, a lot of identifying information about you can be derived.

When someone asks me if an app is safe, I respond probably. But then I ask them "Do you think you’ll get enough enjoyment from the app to justify handing over an unknown amount of data to an unknown application publisher. Keeping in mind that most users do not pay attention to the permissions that apps request. What’s worse is that so many people have defeatist attitudes toward privacy or simply attribute little to no value to their data. People have become numb to the demands for and the attacks on their data. With each new breach the collective response has become no more than a shrug. Everyone seems willing to accept almost infinite risk for very little reward and personal privacy has been eroded to the point where the courts will eventually be able to argue that there is no longer any reasonable expectation of privacy anymore. They have already argued this in recent privacy rulings.

I will continue to resist.

Everything can be a potential threat. Every application, program, online service.
But most people do not care …

1 Like

So on the money @TimHolus they only begin to care after the damage is done. Foresight, logical thought seems to be missing from the modern mind.