Why are we talking about FaceApp in terms of security?
This application is an instant aging system, capable of making anyone look younger or older from a photo. No face can resist it!
All you need to do is take a photo of your face and let artificial intelligence do the rest. In a few seconds, you’ll have your avatar in front of you, only with more wrinkles and the traces of passing time…
But since it’s become so widely used, doubts remain about its level of protection for personal data.
The origins of FaceApp in question
For those who don’t know yet, FaceApp was created and developed in Russia. This is far from being an insignificant fact when you consider that Russia is the 10th country most affected by malware, and France is the 4th (2018 Kapersky survey).
As a reminder, some people still believe that Russia is the country of choice for hackers. The reason for this is the famous NotPetya virus which broke out in 2017. Many still believe that Russia was where it originated, although there’s no evidence to support or refute this theory.
And if its renewed popularity, two years after its creation in 2017, is due to the arrival of the “FaceApp Challenge” launched by celebrities, the most informed remain suspicious as to the origin of this new fashionable application.
Is Google in on the action?
The problem is that FaceApp saves your photos on its remote servers. For storing photos, the application uses two servers located outside of Russia which belong to two GAFAM companies: Amazon and Google.
It should also be noted that Google is once again involved in a case related to data security, but this time in spite of itself.
FaceApp defends itself against suspicions of interference by stating that “most” of the images stored on these servers are deleted within 48 hours. However, the terms used by Wireless Lab OOO (the company who manages the application) remain vague.
The Cloud is your enemy
And yet, it’s from the company’s cloud that FaceApp retouches the photos submitted to the aging filter using the machine learning.
As the database grows, it becomes easier for the app to apply the most suitable aging filter.
In other words, FaceApp applies the correct filter using the photos stored on its server. All that remains for the system to do is to compare the photos and reuse the same filters as similar photos.
Is it legal?
The T & C’s (Terms and Conditions of Use) are clear: the application reserves the right to modify, reuse or subsequently exploit the retouched photo.
In other words, by using the app, you give the company the right to use your image as it sees fit!
However, don’t panic! It is not in the company’s best interests to distribute the faces of its users and risk being boycotted en masse or having to deal with bad publicity.
And the GDPR in all this?
Last but not least: FaceApp is not in compliance with the European GDPR (General Data Protection Regulation). Le Monde also reveals that the general conditions of use have not been updated since 2018. Your data is therefore not protected under European laws.
And requesting the deletion of your data is nearly impossible! No form exists for this type of request on their site.
Let’s also observe what the CNIL recommends, which rightly points out that
“The attractiveness or playfulness of the service offered must not obscure any possible compensation for the use of your personal data”.
The Commission Nationale de l’Informatique et des Libertés (National Commission on Information Technology and Freedom) points out in this regard that:
“A company must offer certain information to the user, which must include the following:
- whether their photos are stored in the European Union or outside the European Union, as well as their retention period;
- if they are shared with third parties (e.g. business partners, etc.);
- if they are reused for other purposes (e.g. advertising, research, etc.);
- and whether or not there is a way to exercise their GDPR rights (opposition, deletion, access to data, etc.).”
FaceApp, applications: 4advices to save your personal data!
In other words, these types of applications seem harmless because they’re used for fun, but they’re actually open doors to your personal data in addition to malware.
The following tips will help you take precautions for protecting your data when you download/use applications:
- When installing an app, never allow access by default to your camera, folders or files of any kind. Never forget, your biggest enemy is permissiveness!
- To avoid automatic access to your personal information during possible updates, you can manage application permissions by modifying the rights granted to your applications in your mobile phone settings.
- you can also use this opportunity to disable automatic application updates! This modification will protect you from any unpleasant surprises.
And last but not least: TAKE TIME TO READ the Terms and Conditions of Use, at least what’s referred to as the applicable law, the rights assigned and the data collected.
Just remind yourself that you wouldn’t sign a contract that you haven’t read…so make sure you do the same for apps!