Skip to content

FaceApp Isn’t The Real Privacy Threat

September 4, 2019

This article originally appeared in Loss Prevention Magazine.

Recently in the news you probably saw, read, or heard something about FaceApp—a mobile application that takes a picture and uses artificial intelligence to change the age, hair color, facial structure, and other facial attributes. There has been a high degree of scrutiny around the app and news articles from just about every major news publication, from Forbes to independent news sources, about the privacy risks in using FaceApp.

Earlier in July, a software developer named Joshua Nozzi tweeted about these purported privacy violations, warning people that FaceApp “immediately uploads your photos without asking, whether you chose one or not.” It was this tweet that sparked the media frenzy around FaceApp. FaceApp later released a statement in response to this accusation that the app only uploads selected photos, not all your photos, to a company server and applies a filter, just like any other online photo-editing software or app. Furthermore, all the app’s features are accessible without an account, so 99 percent of users don’t log in and therefore have not shared their personal data with the app.

The terms of service, much like many online free or paid services, are ambiguous at best: they’re long, laborious, and hard to understand for the layperson. FaceApp’s terms are straightforward. They have “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.” When you read that and the news gets hold of it, the first thing that is thought is that they can do anything they want with all your data. However, this just means that they can do anything they want with your uploaded photos, like sell it or use it for advertising, not your other personal data.

Evidence wise, there is nothing to show that FaceApp is stealing data. In fact, you consent to giving them your photo, much like you do with other online services like Instagram, Facebook, Flickr, and others. I strongly recommend that you read other terms of service; you’d be quite surprised with what Facebook can do with your data.

FaceApp is no different than most apps that are out there. For any app you don’t have to pay money for, you’re giving something else up. In a previous article “We Gave Up Privacy for Convenience Years Ago” I talked about the fact that we are the product, not the app. All these apps need to monetize their services some way, often by using our information, photos, or our location. This has been happening as early as the 1990s, when Google launched its search engine and collected the data to sell to advertisers. This business model still exists today, with Facebook making over 98 percent of its revenue on advertising alone in order to profit from a social media platform that is free for users.

FaceApp has some eerie things that are different than other apps, but it is mostly similar. One of the public’s big concerns is what happens with that photo when you upload it to the app and what can be done. There are some rumors about the potential for the app to be a training facial recognition algorithm. This could be true, but this theory doesn’t make a lot of sense based on the app. This type of app is not new; in 2017 FaceApp came under fire for using a blackface filter. It was promptly removed, but the app has been in and out of the news for a while.

FaceApp is a lot of fun, and I’ve used it myself. I think when you’re online you must take necessary precautions to protect your privacy, and everything you do is a choice. If you choose to use FaceApp or any other social media, there is some sort of cost. Wired published an article called “Think FaceApp is Scary? Wait Till You Hear about Facebook,” where it highlights the concerns we should all have about online privacy and social media, and I couldn’t agree more. Facebook has similar terms of service as FaceApp, but the public isn’t nearly as concerned about this. Being worried about FaceApp is understandable, but you should extend this caution to social media and free apps in general because they all use your data. At least FaceApp produces a cool looking picture in return for collecting your data.

PC Magazine’s article “Is FaceApp Really a Privacy Threat?” offers almost the exact same opinion as mine in this article. It also touches on whether you should be afraid of the Russian connection of FaceApp. In fact, only the FaceApp developers are in Russia, but the company is based in the United States. It’s common to have overseas developers, so this is no surprise to cybersecurity experts.

According to a lot of security researchers, including myself, we all should calm down. The app isn’t trying to invade your privacy or mass upload photos from your phone. There is no evidence to support that this is happening. You should be careful with any application that you upload information to, not just FaceApp because it has ties to Russia.

Tom’s column is featured in every issue of Loss Prevention Magazine. To subscribe to the printed version of the magazine and enjoy other great content, visit