FaceApp, the application to apply filters and effects to the photos of your face, is having a new moment of success in recent days, after the one collected a couple of years ago. Millions of people around the world, including Italy, have started sharing the photo of how they will look old according to the application algorithms, using a filter that has already existed for some time, but which has been significantly improved in the latest versions by offering more likely results. In addition to filling social networks with photos of virtual seniors, the new success of FaceApp has brought with it new concerns about user privacy, related to the functioning of the application and the fact that it is developed and managed in Russia.
The company behind FaceApp is called Wireless Lab and is headed by Yaroslav Goncharov, a former manager of Yandex, Russia's leading search engine and portal. The app has been available since January 2017 and can be installed on both iPhones and Android smartphones. After installation, FaceApp asks for permission to access the photos on your smartphone, so that they can then be modified by applying the various filters, including the one for aging. It is a system common to many applications, but FaceApp does not make it clearly explicit that the data of the photos chosen for the changes will be collected by its systems and will be transferred to its servers.
After you have chosen a photograph from your camera roll, FaceApp sends it to the servers, where the image is physically modified. Once the operation is complete, the photo is sent back to the smartphone that sent it, with the required filter applied. The process is quite fast, but completely hidden: a circle is shown that fills up as the operation proceeds, without explaining somewhere that the image has left the smartphone, ended up on a server to be edited and then sent back to the mobile phone.
FaceApp is not the only application to use this system to edit photos, for example also Prisma, another app for photo effects that had achieved some success a few years ago. However, until yesterday, the Russian company had provided very vague information about the end of the photographs uploaded by users, once they were stored on the servers. Following the doubts circulated in recent days, Wireless Lab said that the photos remain on the servers “for a few days” and that they are then deleted, without providing more precise information.
Analyzing FaceApp's activity, some experts noted that the application uses servers provided by Amazon (AWS) and Google cloud services. The data and photographs are then saved in data centers located outside Russia and, according to the company that manages it, no information is saved directly in Russian territory. Even in this case, however, there is not much other information on the policies followed by FaceApp for data retention.
Responding to the criticisms of the last few days, FaceApp further explained that users have the possibility to request the removal of their data stored on the application systems. The process, however, is complicated: you have to go to the app settings, select the item “Support”, from the next screen “Report bug and send logs” and finally indicate “Privacy” in the subject of the email that is generated for the report . FaceApp claims that it will soon introduce a simpler system to request the removal of their data, but has not clarified when or how.
The FaceApp privacy policy is not reachable from any application screen and is only visible on the app site, in a rather spartan version. The indications are generic and include formulations that leave ample leeway on the use of the collected data, including the possibility of sharing them with other companies for commercial purposes. They do not remotely comply with the GDPR, the European regulation for the protection of personal data that came fully into force a year ago. Users cannot easily know what their data is in FaceApp and have little choice but not to install the application.
While there are many things that do not meet the standards (from the GDPR onwards quite high) that we are used to for managing personal data, FaceApp still does not do very different things from other applications that manage our photographs. Facebook and Instagram, just to name the two most used social networks, collect a huge amount of information from the photographs we decide to upload to their services. The images are used for numerous purposes, including those to improve the functioning of artificial intelligence systems, to automatically recognize the contents within the photographs.
Facebook, like Google and other larger companies, however, offer more tools to keep your data under control, to know what is being shared and to give you the possibility to delete your information. The commitment of these companies in this sense has intensified in the last year, thanks to the introduction of the GDPR. In principle, however, a photograph uploaded publicly on the Internet becomes accessible and available to everyone, and nothing prevents anyone from using it for purposes other than those for which it was placed online, even if they violate the law.
FaceApp is having a lot of success on iOS, hence the operating system used for Apple's iPhones. The US company has long been committed to offering more privacy tools to its users and, by and large, enforces quite strict rules on what developers who want to offer their applications on the App Store can and cannot do. So far the ability to produce apps that send photos to servers for editing has been granted, and will likely continue to exist in the future, but many are hoping that Apple will introduce clearer rules, requiring developers to make explicit uploading of images, for example. elsewhere than your phone. Apple has a facial recognition system, which it uses to categorize photos according to the person portrayed, but in its “Photos” app the process takes place exclusively on the smartphone.
In a nutshell, FaceApp is certainly not the only application to have vague and few clear rules on privacy, and you will probably have others that have been doing similar things on your smartphone for years. The concerns that have emerged in these days are however positive because, between an aged photo and the next, they help to increase sensitivity on the issues of the protection of personal data online and on how these are used, very often without the knowledge of users.
