FaceApp, an viral application that uses artificial intelligence to allow users to edit their photos to make themselves look old among other features is raising privacy concerns.

The new version of FaceApp, the original having been launched in 2017, comes with a privacy policy that gives the creators of the app an unlimited license to display user photos worldwide as well as access to their location data. Another section also allows FaceApp to share user content with businesses affiliated with the developers.

To add the ultimate bogeyman into the story, the app was developed by a company in Russia, and in 2019 anything Russian is immediate grounds for paranoia among many even when there are no known concerns.

“It’s a Russian company, so once you grant access you are granting access to all of those companies,” ABC News chief business correspondent Rebecca Jarvis noted.

Some have raised concern that the iOS version of FaceApp is indexing all photos on a given Apple device and uploading them to the cloud.

“BE CAREFUL WITH FACEAPP – the face aging fad app. It immediately uploads your photos without asking, whether you chose one or not,” developer Joshua Nozzi warned, according to 9to5Mac. “As soon as I granted access to my photos it started listing them slowly a row at a time, almost like network delays. I quickly hit Airplane Mode and it instantly listed them all, refusing to let me select any because I’m offline. IT’S UPLOADING ALL YOUR PHOTOS.’

The developers of the app have strongly denied this is the case, noting that the only photo uploaded is one chosen by the user because the AI processing takes place in the cloud. The image uploaded is only kept for 48 hours before being deleted, the developers said, before adding that although they are Russian, the images are not uploaded to Russia. The company also said it hosts its data on Google Cloud and AWS and does not sell or share user data with any third parties.

Ultimately, the truth here may simply be a poorly written privacy policy versus any malicious activity. As whitehat hacker Marc Rogers wrote on Twitter, “#faceapp terms aren’t different from other social apps.”

The attention FaceApp’s terms and privacy policy is getting in the media “serves as an important reminder that free isn’t free when it comes to apps” Rick McElroy, head of security strategy at cybersecurity firm Carbon Black Inc., told SiliconANGLE. “The user and his/her is the commodity, whether sold for purposes like marketing or more nefarious things like identity theft and the creation of deep fakes.”

His advice: “Don’t use apps that need access to all your data and be sure to read the EULAs to ensure the app gives users some sort of control and protection based on where the data is stored and processed.”

Image: FaceApp