FaceApp is cool again, and adamant it's not a privacy minefield
FaceApp’s next frontier is bringing its image-editing magic to video, ideally to create live filters on top of videos. A limited version of this feature has already soft-launched on the iOS app, letting you try the old age and child-like filters free of charge. The clips are choppy and struggle to keep up if you move your head too much, but the result is still staggering. Currently, legions of VFX artists spend months aging and de-aging stars in movies, but that could all change.
“You’ve got 60 frames a second, you got 60 seconds a minute, [you’re] looking at 2,000 frames a minute,” said Ravalia. “If you’re going to retouch [all] that, you need to make masks and go frame-by-frame, it’s a two-to-three week job, but we want to do that [with] a single tap.” The preview videos are sent to a server to be processed, but in the future, the option could be available natively on devices.
Wherever FaceApp goes, political contortions about the nature of deep-learning apps and user-uploaded content follows. When the app spiked in popularity last summer, it quickly raised the ire of political operatives.
Bob Lord, Chief Security Officer at the Democratic National Convention, was quoted by CNN instructing party members not to use the app. “This novelty is not without risk: FaceApp was developed by Russians.”
Senate minority leader Charles “Chuck” Schumer even contacted the FBI to ask for its impression of the app. In a letter, which Schumer posted to Twitter, Jill C. Tyson, Assistant Director at the Office of Congressional Affairs, said that the FBI sees any tech, developed in Russia, as a “potential counterintelligence threat.” She went on to explain that because Russia has the power to seize data stored on any server in the country, anything FaceApp has, the government can access.
A warning to share with your family & friends:
This year when millions were downloading #FaceApp, I asked the FBI if the app was safe.
Well, the FBI just responded.
And they told me any app or product developed in Russia like FaceApp is a potential counterintelligence threat. pic.twitter.com/ioMzpp2Xi5
— Chuck Schumer (@SenSchumer) December 2, 2019
Ravalia said that while there may be live previews on-device, the only image uploaded to the server is the one you choose. It is encrypted with a key that’s only held on your phone, “even if someone came to us asking for this photo, we don’t store the key.” He added that all images are “temporarily cached for 24 hours,” and if you don’t choose to re-edit the image in that time, it’s marked for deletion, which takes another 24 hours.
“Users should be more worried about the data the company openly collects, instead of worrying about a conspiracy to secretly siphon the world’s selfies.” – William J. Altman, SOSA
In response to the accusations that the images are being piped back to Russian soil, Ravalia reiterated that FaceApp uses Amazon and Google’s cloud servers. “We store encrypted photos at the regional location closest to the user or in the US,” he said. “For the US, it’s always the US, and for the EU users, it could be the EU or US.” “Anything that is stored on the server-side, whether that is Amazon or Google, is basically what we have. What we have on the client is basically nothing. Those are OS file objects, Google or Apple has much more control of that.”
Unlike almost every other social platform, FaceApp does not ask you to create an account. Ravalia added: “We don’t have a log-in, we don’t have a user ID to link people, we don’t do a lot of things that are associated with the user,” he said. “In our settings, we give users the option to delete their data, and that includes your push tokens, your subscription token, that — in some jurisdictions — could be personal data, so we delete it all.”
Building a toy app could be a very efficient way to source vast quantities of user data. Surely, if you can make something fun, you can use it to acquire a huge amount of free information that can then be used to train your deep learning models, right? “Absolutely not,” said Ravalia, “we solely use user’s photos for the editing functionality,” he said, “we do not use that photo for any other purpose, be it training, selling data, advertising, nothing.”
“We’ve done everything, product-wise, to make sure that we are doing things to abide [the law], and we want to listen to users and critiques,” he said.
Engadget contacted Bob Lord, who initially raised concerns about FaceApp’s security, who did not respond at the time of publication.
Given the horror stories around popular social media apps — most recently involving TikTok, you may expect FaceApp to be terrifying. Engadget contacted numerous security researchers and businesses to ask for comment, but the results were surprising. Tal Bar, the CEO of security company Octopus, said “from a security standpoint and a high-level overview, we don’t see anything problematic on the device level but this requires further testing.”
William Altman is a Cybersecurity analyst at SOSA, a company that pairs startups with large companies and governments. He says that FaceApp “is not an overtly malicious application tricking us all into surrendering our data for nefarious reasons, at least right now.” He added that, as with all free software packages, “users should be more worried about the data the company openly collects, instead of worrying about a conspiracy to secretly siphon the world’s selfies.”
He added that the only other risk that he can see is how FaceApp collects your device’s metadata. “For example, the app can determine the computer and mobile device operating system, system type and version number, manufacturer and model, as well as IP address.” “While this kind of data is not directly harmful to users if exposed,” he added, “the fact that it is being collected does warrant further questions about FaceApp’s metadata-harvesting practices.”
On this point, Ravalia says that FaceApp’s main business model is to drive subscriptions to its professional suite. For a monthly, yearly or lifetime fee, users can get access to all of the app’s filters and effects, only a handful of which are available for free. And, so far, FaceApp’s made enough money to keep the company running. In comparison to a lot of other social platforms, FaceApp doesn’t spend much on advertising and instead hopes that the organic growth of filters draws the necessary attention.
Ravalia says that people who get lured in by a viral effect often keep subscribing long after. Even bad publicity is often good for FaceApp.