faceapp privacy photo leakage data consumer public personal security cybersecurity awareness training app

FaceApp Might Age You More Than You Think

FaceApp is getting a lot of heat for their lack of privacy concerns in their Terms of Service, such as accessing all your photos and obtaining personal information about you.

FaceApp. So. The app has gone viral again after first doing so two years ago or so, according to Tech Crunch. The effect has gotten better but these apps, like many other one-off viral apps, tend to come and go in waves driven by influencer networks or paid promotion. Tech Crunch first covered this particular AI photo editor from a team of Russian developers about two years ago.

It has gone viral again now due to some features that allow you to edit a person’s face to make it appear older or younger. You may remember at one point it had an issue because it enabled what amounted to digital blackface by changing a person from one ethnicity to another.

In this current wave of virality, some new questions are floating around about FaceApp. The first is whether it uploads your camera roll in the background. No evidence was found of this and neither did security researcher and Guardian App CEO Will Strafach or researcher Baptiste Robert.

The second is how it allows you to pick photos without giving photo access to the app. You can see a video of this behavior here:

While the app does indeed let you pick a single photo without giving it access to your photo library, this is actually 100% allowed by an Apple  API introduced in iOS 11. It allows a developer to let a user pick one single photo from a system dialog to let the app work on. You can view documentation here and here.

faceapp privacy photo leakage data consumer public personal security cybersecurity awareness training app

Because the user has to tap on one photo, this provides something Apple holds dear: user intent. You have explicitly tapped it, so it’s OK to send that one photo. This behavior is actually a net good in my opinion. It allows you to give an app one photoinstead of your entire library. It can’t see any of your photos until you tap one. This is far better than committing your entire library to a jokey meme app.

Unfortunately, there is still some cognitive dissonance here, because Apple allows an app to call this API even if a user has set the Photo Access setting to Never in settings. In my opinion, if you have it set to Never, you should have to change that before any photo can enter the app from your library, no matter what inconvenience that causes. Never is not a default, it is an explicit choice and that permanent user intent overrules the one-off user intent of the new photo picker.

Apple should find a way to rectify this in the future by making it more clear or disallowing if people have explicitly opted out of sharing photos in an app.

faceapp privacy photo leakage data consumer public personal security cybersecurity awareness training app

One good idea: the equivalent of the “only once” location option added to the upcoming iOS 13 might be appropriate.

One thing that FaceApp does do, however, is it uploads your photo to the cloud for processing. It does not do on-device processing like Apple’s first-party app does, and, like it, enables for third parties through its ML libraries and routines. This is not made clear to the user.

Tech Crunch has asked FaceApp why they don’t alert the user that the photo is processed in the cloud. It’s also been asked whether they retain the photos.

Given how many screenshots people take of sensitive information like banking and whatnot, photo access is a bigger security risk than ever these days. With a scraper and optical character recognition tech you could automatically turn up a huge amount of info way beyond “photos of people.”

So, overall, I think it is important that we think carefully about the safeguards put in place to protect photo archives and the motives and methods of the apps we give access to.

Panzarino, Matthew. (2019, July 16). AI photo editor FaceApp goes viral again on iOS, raises questions about photo library access. Tech Crunch.

  •  
  •  
  •  
  •  
  •  
  •