FaceApp is the app of the moment: it exists since the beginning of 2017, but only recently the world seems to have noticed (or remembered) its existence, in particular, thanks to the filter that allows people to age or rejuvenate. The result is particularly convincing because the app’s filters exploit highly evolved artificial intelligence.
The app does not take pictures: it processes only those already present on the device. As a result, many celebrities have been involved without their knowledge in the #AgeChallenge, thanks to their fans (but there are also those who have actively participated, such as Gordon Ramsay).
It didn’t take long for someone to spread the “alarm” that FaceApp sends data to foreign servers, specifically Russians (since that’s where it comes from), without the user’s knowledge. Some have even said that the app requires full access to the photos in order to upload the entire gallery to their servers.
Some things are true, others are unfounded, and for others, there are very important “buts” to keep in mind. The gist of the matter is that there is no evidence of suspicious activity and that there are no big differences between uploading photos to (example) Facebook or Instagram and uploading them to FaceApp; for those who want some more details, instead, here is a brief summary:
- FaceApp actually uploads photos to an external server: the company says that AI processing is very complex and requires computing power that cannot be reached by all smartphones on the market. The most modern top of the range devices have coprocessors dedicated to AI, but the cheaper and older ones do not. Applying these filters would take too long, so use the data centers.
- FaceApp says that it deletes the photos from its servers “shortly after” having processed them. On this point, we must trust the words of society, but there is no reason to suspect that it is lying – at least not any more than the others.
- The security researcher Will Strafach, who among other things is the managing director of Guardian Firewall, has analyzed the traffic generated by the app and has found no evidence that FaceApp loads the entire roll of the device on which it is installed onto the cloud, only the photo to be processed.
HOWEVER: they do appear to upload single images in order to apply the filters server-side. while not as egregious, this is non-obvious and I am sure many folks are not cool with that.
— Will Strafach (@chronic) July 17, 2019
- Among other things, the photos are not uploaded to Russian servers, but American ones – specifically Amazon AWS. Even the experienced “app investigator” Jane Manchun Wong said she found nothing suspicious by analyzing the files contained in the app package.
I am not seeing much fishy in FaceApp
Photos are uploaded to FaceApp’s servers on AWS w / authorization. Not much info is being sent to other users (eg interactions)
I just wish there’s an option for users to delete their photos from the server
– Jane Manchun Wong (@wongmjane) 17 July 2019
- The lawyer Elizabeth Potts Weinstein, however, notes that the privacy statement leaves much to be desired: she says that it is not even remotely compliant with the GDPR, especially since user data can be transferred outside the EU.
— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
- The conditions of the service also explain that (even here, like many other platforms) FaceApp has many rights to the photos that are uploaded, including sharing, editing, publishing and so on – without recognition of royalties.
In short, we can say that there is nothing too serious, even if some aspects could be improved with a clearer and more transparent communication. But we repeat, the company is wide.
FaceApp is available for free download for Android and iOS; however, most filters are only accessible to Pro users, who pay € 20 per year (there is a 3-day trial period). In any case, the filter for aging/rejuvenation is free. Here are the download links: