July 18, 2019
What You Need to Know About FaceApp's Controversial Terms of Service
Posted by Rhiannon
- What is the controversy all about?
- What is true and what isn’t?
- FaceApp’s response
- How can you protect yourself?
What is the Controversy All About?
FaceApp rose to prominence in this news cycle for its ability to take a selfie and show users what they will look like older. The app can also change hair styles, manipulate backgrounds, swap genders, and more. However, the fun and games were soured when news broke surrounding privacy concerns related to the app (which is owned by Russian start up Wireless Lab) and its terms of service. There were three main concerns with use of the service.
The first issue stems from a rather lengthy clause which states: “you grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.” Essentially any information you share to the app becomes theirs to use as they see fit. This has raised alarm bells that the company, which offers its app for free, might sell your data to other parties. Some have also voiced fears about the app being owned by a Russian company.
The second concern many people have is the app’s lack of transparency regarding how it processes your photo. Many image manipulation apps do all of the hard work on your actual device. However, FaceApp uploads your photo to the cloud. This has generated buzz about whether the app retains photos and, if so, for how long.
Finally, some users have claimed that it accesses a device’s camera roll even after the user denied it permission to do so. This claim is actually not quite true (we’ll explain below), but it still generated fears about user privacy on the app.
What is True and What Isn’t?
The fears and concerns surround FaceApp sprung up quickly, as did rumours surrounding what the app could and could not do. Some claims have been blown out of proportion and others have been found to be outright false. So, what’s fact and what’s fiction?
When you accept FaceApp’s terms of service, you do grant them the right to share your data with affiliates as well as the right to use your content for commercial purposes.
While this fact is worth being concerned about, it’s by no means an isolated or even unusual term of use, which many people believe. Facebook also has a clause in their terms that states: “if you share a photo on Facebook, you give us permission to store, copy, and share it with others.” Many other tech companies include similar conditions and, while this behaviour is concerning, it is also legal.
FaceApp was created and is run by the Russian company Wireless Lab.
As soon as some people learned the business behind FaceApp is Russian, they immediately started fearing that the app secretly worked for the Russian government to provide them with our data. Just because a company is Russian, that does not mean they are in the pocket of the Russian government or acting as a spy on the government’s behalf.
FaceApp processes your photos using the cloud to do it. They also are not upfront about this information. That means when you allow the application access to a photo, that photo is uploaded to the cloud without you knowing it. While their terms of service do allow them to keep that photo indefinitely, the business’ founder, Yaroslav Goncharov, has since released a statement (which we’ll share below) to claim that they remove most images within 48 hours. Users can also request that the app delete their information.
Some users believe that because their photo uploads to the cloud, FaceApp has access to all information about them. In most cases, this isn’t true. Users can access many of the app’s features without actually logging in to use the service. By not logging in, you reduce the amount of information the app can learn from you. Yes, they will have an image of your face (which is absolutely worth being wary of), but they can’t learn every detail about your life through this method of use.
If you want to upload a previously-taken photo of yourself, you have to grant the app access to your photos.
Some of the earliest concerns about FaceApp claimed that, even when a user denied the app access to their camera roll, the app could still access those images. This raised fears that the app was insidious enough to be able to access all data on a private device. Experts have since proven that claim false. Instead, the issue actually arose from a design built into Apple’s iOS 11. The operating system allows apps to see (but not access) your camera roll so you can choose a single photo to give the app access to. This feature did make it appear that FaceApp could still access the entire camera roll, but looks were deceiving in this case.
FaceApp’s Response to the Terms of Service Controversy
TechCrunch, an online tech-related news agency, reached out to FaceApp for a response regarding the privacy concerns. In their statement, they address all allegations head on, explaining the reasons behind certain actions. The company states that they do not sell or share user data with third parties (including the Russian government). They also explain that they use the cloud to enhance app performance and reduce traffic. This is FaceApp’s response in full:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.”
How Can You Protect Yourself?
Privacy concerns like this exist prevalently in the tech world, and not just isolated to FaceApp. However, there are a few ways you can protect yourself. Before using an app or other online service, take the time to read their terms of service. This helps you remain aware of any privacy rights that you are signing over to the company. Reduce how much information you share online and never share personal data like banking information or passwords. Using a VPN like HotBot VPN can also reduce how and where your actions online experience tracking. Don’t ever take photos of anything that could be compromising to you. For example, racy images or screenshots of personal information like banking details should be avoided. And finally, use your gut instincts. If you don’t feel comfortable with a service, don’t use it.
Privacy concerns in the tech industry are nothing new. They are worth keeping on top of, so you can remain informed about how your privacy may be impacted online. Remember to weigh the risks against the rewards. Is a photo of you in old age important to enough to risk a possible privacy breach?]]>
Posted by Rhiannon
More Blog Posts
January 21, 2023
Privacy Tip of the Week: Use Security Questions on Your AccountsSecurity, or password recovery, questions are a tool used by online accounts to verify that the owner of the account is who they say they are. It helps users recover forgotten passwords and adds an extra layer of protection to prevent accounts from being hacked. For any account that you can add a security question […] Read more
January 6, 2023
Everything You Need to Know About Ransomware and How to Avoid ItCybercrime is a huge problem facing internet users around the globe. One of the most popular types of cybercrime out there is known as ransomware. In this form of attack, hackers sneak malicious software, also called malware, onto unsuspecting users’ devices. The malware quietly encrypts files or programs, making them completely inaccessible to the device […] Read more
December 13, 2022