advertisement
Editor: Varun Sharma
Camera: Abhishek Ranjan
Amidst a collective cheer among the global youth upon discovering what they’ll look like at 80, the now viral FaceApp has found itself charged with allegations about violating privacy of its users.
Let’s ‘face’ it. None of us ever read the ‘Terms & Conditions’ or ‘Privacy Policy’.
At a time when protests against facial recognition systems are gathering momentum worldwide, concerns with the face-editing app arise regarding how it stores, processes, shares images of our faces as well as other data we generate.
The Quint went through the Privacy Policy and the Terms of Use of FaceApp and found many sections that raise major questions including about the app collecting our browsing history.
For those who love the app and have had their faces turned older or younger, the questions is – what’s the issue with this seemingly harmless fun?
While there is no denying the ‘fun’ part of the app, to understand the issue of harm, it is wise to take a step back and consider what the app does with our facial images and data.
Security researcher, who goes by the pseudonym Elliot Alderson on Twitter, provides the short answer. “Once the photo is uploaded it's not yours anymore,” Alderson told The Quint.
The major privacy questions with FaceApp app are of two kinds:
To find an answer to these questions, let’s take a look at what the app’s Terms of Use and Privacy Policy reveal in their fine print. We’ll also compare them to what app founder Goncharov had to say.
Section 5 of FaceApp’s Terms of Use – “User Content” – states that it does not claim ownership over any of the images but appears to be wresting control of substantial rights over our images.
FaceApp claims that by using the app, the user grants a “perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license...”
A license for what exactly?
The next paragraph of Section 5 contains two important sentences:
Let’s pause and examine what these sentences imply.
WHAT FOUNDER & CEO GONCHAROV SAID
Apart from claiming that they do not sell our data to third-parties, contrary to what the terms of use say, Goncharov also stated that they do not have access to data that can personally identify the user.
This is a good point to explore the question of whether and how the app can indeed establish the identity the user:
Can the app establish the identity of the user?
Yes, because the Privacy Policy explicitly states that it collects information from “cookies, log files, device identifiers, location data, and usage data.” These are all personally identifiable information.
The section also appears to be contradicting itself.
For example, under Section 3 – “Sharing Your Information” – the app states, “We will not rent or sell your information to third parties outside FaceApp (or the group of companies of which FaceApp is a part) without your consent...”
But the same section also states:
This is precisely what Alderson warns users against. “People should be careful with their personal data. If you upload a picture of your face to a random app you don't know how the company behind the app will use it,” Alderson told The Quint.
It is important to note that the Privacy Policy under Section 4 – “Storage and Processing” – does not explicitly state that the images are processed in the cloud servers and not on-device.
However, in response to The Quint’s queries, Goranchov responded that “FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.”
Dismissing a viral tweet from Wednesday, which claimed that the app had access to the entire photo library in our smartphones, Goranchov stated that “this is not true. We only can access a photo user specifically selected for editing.” He also added:
To be fair, FaceApp’s terms and conditions are standard for most apps we download. Snapchat has almost identical provisions but has elicited little attention towards its privacy policies.
A few things to keep in mind are explicitly providing consent by opting in for features and services. Sometimes features are set as opt-in by default and it is important to opt out of them if we do not want them.
Moreover, it is important to not provide access to camera, contacts, messages or call logs if they are not essential to the app’s core functions.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)