‘Not just faceapp, many other popular apps too are breaching users’ privacy’

Any app that asks for biometric data inputs creates data privacy concerns, say cyber experts

FaceApp, the AI face editor app, surged in popularity as millions of users transformed their faces to look older. Lately, a lot of news have been doing rounds that the app might be breaching privacy. If users give some time and go through the privacy policy before clicking ‘yes’ on the terms of service, they will see that FaceApp’s privacy policy makes it clear that the app pulls data, such as your location, IP address and log file information, for the purpose of aiming targeted ads at you. With data like that, advertisers can target users in specific regions.

The Russian app has raised national security and data-privacy concerns after reports emerged that it can download images off user’s camera rolls. Although the company that owns FaceApp has denied the claim, saying the app takes only the photo you ask it to manipulate. The company also said it deletes “most images” from its servers within 48 hours of uploading, although there’s no way to confirm that it does so in practice. “Our support team is currently overloaded, but these requests have our priority,” FaceApp founder Yaroslav Goncharov said in a statement. “We are working on the better UI for that.”

If one look at FaceApp’s terms of service, they state– “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your user content and any name, username or likeness provided in connection with your user content in all media formats and channels now known or later developed, without compensation to you.” This closely mirrors Facebook’s terms of service that say “when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings).”

According to Virag Gupta, a Supreme Court advocate and cyber law expert, theprivacy policy makes it clear that FaceApp is able to collect and store information from user’s phone and it might be used for ads or other forms of marketing. “Very less is known about credentials of this Russian app so there is a big risk to the user’s privacy,” he says.

Cyber expert Amit Dubey feels any app that works on biometric inputs should come under data protection law. “There is a finite probability that such data can be misused against you. Authentication systems work on biometric inputs and FaceApp is owned by a company, Wireless Lab, that’s based in St. Petersburg and they are not under such data protection law.”

He adds, “Not only photographs, this app also collects the location and browsing history details.  FaceApp’s privacy policy states that it also collects location information and information about users’ browsing history. It seems the real purpose of this app is not to collect your facial data but to see through your browser. Your browser tells a lot about you, including your name, age, ethnicity, location, interest, recent searches and your close friends. This data can be used in many ways to profile you and to launch an influencing strategy against you something like Cambridge Analytica did in USA elections.”

Not just FaceApp, according to cyber experts, many other popular apps are breaching users’ privacy.

“Any app that asks for biometric data inputs creates data privacy concerns. But because several of these apps are under strict data privacy law, the probability of misuse of the data is very low. Most of the free dating apps neglect the basic data privacy guidelines and create serious concerns for the users,” claims Dubey.

Sabyasachi Mitter, Founder & Managing Director of Fulcro, feels FaceApp has grown in popularity quite rapidly and its slick use of AI is commendable.

However, it is equally true that its terms ensure that once you use the app, you sign a blank cheque to your privacy. While many may argue that users should read the terms carefully before downloading any app, the same is practically infeasible, says Mitter. “One can’t expect lay users to sift through and make sense of the legal fineprint. While the potential of privacy violation in the case of FaceApp has come to the fore due to its popularity, closer scrutiny would probably bring out thousands of apps with equally dubious terms.”

“In my opinion, users trust App Store and Play Store when an app gets listed there for download. Inherently, people believe that enough sanity checks must have been done before the app was approved. The onus, therefore, must fall on the respective stores to read the fineprint and warn users if there are clauses in the terms that could potentially infringe on a user’s privacy and then leave it to the user to decide,” he says.

“For users of free apps, the popular saying goes that if the product is free, most likely you are the product. The cost of such free products is recovered by monetising the data generated from users,” Mitter adds.