20 Jul 2019

FaceApp’s Privacy Policies and Ground Realities

FaceApps Privacy Policies and Ground Realities

FaceApp while not a new application has become popular again in recent days after social networks were filled with photos with an aging face. The application uses a neural network to modify the face of the users and executes this process in the cloud so there are users who are concerned about privacy that comes with using the application. As reviewed by several media the terms and conditions of use of FaceApp are not respectful of privacy; to which the Russian company that is after the development is added. Some in fact ensured that the app uploaded all the photos to the cloud without the users permission.

About Privacy Policy

There are same the terms and conditions of using FaceApp as well as its privacy policy as we see on other platforms. The company behind the application has not changed the privacy statement since it was released in mobile stores (AppBrain marks the premiere of Google Play in February 2017). An important detail is that it breaches the European data protection law of General Data Protection Regulation (GDPR) because it collects private user data without the user having access to them or downloading a copy with everything stored. The most striking was the line in which the service informs through its privacy policy that by using the app you provide a perpetual irrevocable nonexclusive royalty-free worldwide fully-paid transferable sub-licensable license to Face App to use reproduce alter adapt and publish your data. They also use the users information to create and improve their content and services and share the information with third parties although they say they do not sell the data without the users consent. Diving in what store FaceApp servers does not come as a surprise: it is common in this type of social applications because it maintains ambiguous terms for what was collected without clearly specifying the destination of the data obtained. As declared by FaceApp the application saves the following information on the servers:

  • Photos and multimedia content: It is the basis of the service since the effects are applied on images that we upload.
  • Analytical data: FaceApp records what is used most of your application and web service.
  • Cookies: FaceApp makes mention of cookies although this information is basically restricted to accessing the web not to the use of the mobile application.
  • Use log or «log»: The servers keep the use made of the web also of the application.
  • ID: FaceApp associates the application with the device that downloads it in order to have a specific user reference. This identifier is stored in the mobile and also in the servers. It is not the device ID the unique identifier of each Android.
  • Metadata: Each action in FaceApp as in the rest of applications generates information in the form of structured data.
These are stored on the servers. As we can see FaceApp saves the usage data that the other applications usually store; and shares them with the companies in your group as well as with the affiliates. Do not distance yourself in excess of WhatsApp Instagram or Twitter for example; without this being an excuse for not recriminating and denouncing the poor transparency of the application and the service.One of the most controversial points is that when uploading content to FaceApp we give the license of use to the company so that it can do what it deems appropriate with the photos. This is specified in the terms of use (updated for the last time in February 2017). This content may be used for commercial purposes. And something important: Given the controversy generated by its application (selection of publishers on Google Play by the way) Yaroslav Goncharov has issued a statement to TechCrunch in which clarifies some doubts about what they do and what they do not with the photos and data generated by the user.

In the statement Goncharov says that FaceApp performs most of the processing of photos in the cloud specifically in AWS (Amazon) and Google Cloud. Note that We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud. The FaceApp service tries to say that only the photo chosen by the user is uploaded exclusively and not one more. And what about that picture? It stays saved but it is erased. The main reason to save the photo is performance and traffic. Goncharov comments that we want to make sure that the user doesnt upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date. According to the CEO of FaceApp the photos will be stored to prevent the upload of repeated images and improve the speed of processing. Regarding the data to which the app has access the CEO points out that All FaceApp features are available without logging in and you can log in only from the settings screen. Consequently as the CEO added an overwhelming majority (almost 99%) of the users cannot Login to FaceApp and thus our service cannot access to any data by which a person can be identified. Nevertheless in the privacy policy without updating from 2017 the service informs users the following: When using FaceApp Service certain information is automatically recorded by the companys servers from the log files cookies device identifiers and location data. The service may also accumulate similar information from emails sent to you which then assist the company in tracking which emails are opened and in which links the recipients click. The approach to collect information lets the company to generate more accurate reports and to enhance service. When you access FaceApp service by using use a mobile device the service provider can access gather observe store on device used by you and / or remotely store one or more "device identifiers" which are small data files stored in your mobile device. Put in simple words a device identifier is the data: saved in connection with the device hardware or software; saved in connection with the device operating system; or data delivered to the device by FaceApp. It also states "we do not sell or share any user data with third parties" but in its privacy policy there are some exceptions in which they admit that they may share User Content and your information with businesses that are legally part of the same group of companies that FaceApp is. However its privacy policy states they may remove parts of data that can identify you and share anonymized data with other parties. Also the CEO ensures that any user can request the removal of all their data from the servers. And yes it is possible but the process is somewhat tedious because you have to go to the app access the settings go to "Support" click "Report a mistake" and send a mail to the team with the subject line of "privacy". We are working on the better UI for that says Goncharov. The user can request the deletion of their data but the process is not exactly simple. Finally one of the data that has generated controversy is that the CEO is Russian so it is a Russian application that according to some voices uploaded information and stored it in Russia. Goncharov wanted to clarify this by informing that even though the central R&D team of the app is in Russia the users data is not transferred to Russia. He further added that they use the Google and Amazon cloud and both are American companies.

The Ground Reality

Anyway FaceApp is another example of how we voluntarily renounce our privacy. FaceApp does not do anything other than apps like Facebook Instagram or Twitter: use user data to show targeted advertising and improve services. The company behind the application Wireless Lab uses the metadata generated by FaceApp and the results of its Artificial Intelligence (AI) on the images to improve the process the application and to offer a better advertising experience by adapting the ads to the user. Leave the door open to the marketing of the photos without specifying the specific terms.

The images are of the users and are stored mainly in servers of the United States; as much as they can save them in any country where FaceApp is used such as Russia. In the privacy policy there is an important warning: the application covers the backs without ensuring that the data cannot be intercepted: FaceApp cannot ensure the security of any information you transmit to the application. It does not reassure much.

    In short this is what can happen with your data and photos if you use the FaceApp application:
  • You will share your images and the usage data generated when using FaceApp with the service. All this information is stored in the companys servers.
  • The information stored is mostly in American servers; no matter how much data can be stored in other countries where the application operates.
  • FaceApp is governed by California laws as well as applications such as WhatsApp or Facebook.
  • The photos and the modifications belong to you but you grant the license of use commercialization and modification to FaceApp.
  • All data collected by the service can be shared with other companies in the group and affiliated with FaceApp.
  • The minimum age to use FaceApp is 13 years always with the consent of the parents.
Maybe FaceApp is not dangerous but Digital Grahiks advice you to must be careful with what you share in it. Modifying a simple selfie does not entail excessive risks beyond the usage data that the application requires but if we retouch delicate photos there is a certain danger. As with all social applications at the time we use them we lose much of our privacy since we enable public use of everything we share in them. Lets become aware of how we use the Internet and the applications that are interconnected thanks to this gigantic network. FaceApp has simply put the debate back on the table.

Do you have a project in mind? Tell us

Purposes of data protection: Sending our commercial newsletter and informative and advertising communications about our products or services that are of interest to you, including by electronic means. Legitimation: Consent of the interested party. Recipients: Data transfers are not planned. Rights: You can withdraw your consent at any time, as well as access, rectify, delete your data and other rights at info@digitalgraphiks.com. Additional Information: You can expand the information in the Privacy Policy link.