PSA: FaceApp can use your uploaded photos and your likeness for “commercial purposes”

PSA: FaceApp can use your uploaded photos and your likeness for “commercial purposes”

FaceApp appears to be having a viral moment, again.

The two year old AI-driven photo editor from Russian company Wireless Lab, which rose in popularity for its realistic facial transformations in photos, is back in the spotlight.

Hard Fork!

Hard Fork?

Hard Fork

This time it’s for a new aging feature that allow you to edit a person’s face to make them appear older or younger.

This has recently triggered an #AgeChallenge (also #FaceAppChallenge) on social media, and everyone’s hopping on board. But in this new privacy climate, the app is attracting a bunch of concerns about its data collection practices.

The first one is about whether it uploads all your pictures in Camera Roll to its servers. It all started with a tweet from app developer Joshua Nozzi who cautioned users against using the app:

But the legitimacy of this claim has been seriously contested by various security researchers, who have said there’s no evidence for this behavior.

However it appears that FaceApp does allow users to select an image to apply the neural network filters remotely, as opposed to locally, i.e. on users’ devices without uploading information to the company’s servers.

The app makers don’t make this clear in their privacy policy either. It neither mentions processing photos on the server nor states how long it retains uploaded photos.

The policy does acknowledge that it collects photos (including metadata) and personal information (email addresses), and that the collected information may be transferred by FaceApp and its affiliates to other countries or jurisdictions around the world. This applies even if you are located in the EU or other regions that have more stringent data protection regulations.

This standard-issue privacy policy gives FaceApp a lot of room to play fast and loose with user privacy, effectively offering users no privacy protection at all.

What’s more, the terms of service also gives FaceApp a free hand to do whatever it wants with them:

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.

Separately, concerns have been raised about how the app allows users to select a photo even if access has been denied. This has been found to be an API Apple introduced in iOS 11 that makes it possible for you to select just one photo from the photo library. The means the app cannot see your photos unless you tap on one.

But this behavior raises questions about why have this option at all when photo access is set to “Never.”

FaceApp has previously fielded accusations of “racism” for lightening skin tones, and criticized for adding ethnicity filters that allowed a person to see what it would look like if they were Caucasian, Black, Asian or Indian.

On the whole, while photo library access is a legitimate concern, incidents like these serve to highlight the importance of going through apps’ privacy policies and terms of service before signing up to use them.