Update #3: In a statement to 9to5Mac, FaceApp has addressed some of the privacy concerns. The company says it “might store” some uploaded photos in the cloud:
We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
FaceApp says that photo processing is done in the cloud:
FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
FaceApp is based in Russia, but it says that no data is returned to Russia:
Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Read the full statement below.
Update #2: TechCrunch now details more about the app
Update: Security researcher Elliot Alderson has provided additional information on FaceApp, refuting the speculation from Nozzi. FaceApp has yet to respond to our request for comment.
If you’ve been on the internet at all over the last several days, you’ve likely seen people posting images from the viral application FaceApp. The premise is that FaceApp transforms selfies and other pictures by applying aging, glasses, and more. Unfortunately, it also looks like it has its own share of privacy concerns.
Developer Joshua Nozzi took to Twitter today to share something he noticed when using FaceApp for the first time. Once he granted the app access to his photos, it started “listing them slowly a row at a time, almost like network delays.”
From there, he quickly enabled Airplane Mode, and all of the images appeared instantly. FaceApp, however, wouldn’t let him select any of the photos because he was offline. He speculates this could be a sign that FaceApp is uploading your photos:
BE CAREFUL WITH FACEAPP – the face aging fad app. It immediately uploads your photos without asking, whether you chose one or not.
As soon as I granted access to my photos it started listing them slowly a row at a time, almost like network delays. I quickly hit Airplane Mode and it instantly listed them all, refusing to let me select any because I’m offline. IT’S UPLOADING ALL YOUR PHOTOS.
One possibility is that FaceApp isn’t necessarily uploading all of your photos, but rather only the one that you choose to “ageify.” Nonetheless, ideally FaceApp will further clarify its privacy practices soon.
FaceApp is a free download on the App Store, but offers various in-app purchases, including a recurring subscription for the “Pro” version of the app.
Many of these viral applications can often have hidden motives and privacy concerns. For instance, the viral “Twinning” app from Popsurgar last year claimed to match selfies with celebrities, but it was also found to expose personal photos.
It’s always wise to take a step back when apps like FaceApp go viral. While they are often popular and can provide humorous content, there can often be unintended consequences and privacy concerns. Because nothing can ever be fun anymore.
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.
BE CAREFUL WITH FACEAPP – the face aging fad app. It immediately uploads your photos without asking, whether you chose one or not. https://t.co/LlqkDpy4ZO
— Joshua Nozzi 🇺🇸👨🏻💻 ⚣ (@JoshuaNozzi) July 16, 2019
— Kevin Clark (@vernalkick) July 15, 2019
Can't wait for this Face App thing to turn into a privacy nightmare like every other trendy face scan app
— Kyle Seth Gray (@kylesethgray) July 16, 2019
FTC: We use income earning auto affiliate links. More.