Catch Of The Week: Data Privacy And App Usage

Los Alamos

It’s July, and it’s hot. So hot that … your friends are all prematurely aging? Surely by now you’ve seen Facebook friends posting images of themselves in 50 years, all thanks to a fun app called FaceApp.

FaceApp uses artificial intelligence to “age” uploaded photos by 50 years. So far, the app has been downloaded by around 80 million users.

Aside from the existential horror of seeing yourself in 50 years, it’s all fun and games until researchers start reading though the user and privacy agreements: by using this app, you are granting the app’s makers “permanent rights” to any uploaded photos.

Bonus: the makers of this app are based in Russia. Read on to discover the truth about FaceApp, and what you need to know to protect your privacy.

What’s the deal with FaceApp, and is it that bad? In some ways, yes, in other ways … it is surprisingly normal. The FaceApp terms of use state that users “grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use” their data.

So anything you upload, whether it’s a picture of you or one of your kids, becomes the property of FaceApp. But what does this mean, and what could possibly go wrong?

That the app’s makers are based in Russia is not cause for panic, despite some claims to the contrary. According to an article by Ars Technica, Wireless Lab, which created FaceApp, denies storing any user data in Russia. The company stated to TechCrunch that “Even though the core R&D team is located in Russia, the user data is not transferred to Russia,” and they state that images uploaded by users are hosted on Amazon and Google cloud services.

FaceApp also states they don’t sell/share any user data with third parties, the app only uploads photos selected by users and that most images are deleted from their servers within 48 hours of upload date.

Lots of popular apps are created and owned by foreign countries, for example, TikTok, which is owned by a Chinese company.

But what about my pictures, isn’t it horrible that FaceApp owns them forever? Well, technically the company owns the images you upload, but they do not appear to be doing anything horrible with them (yet), and you shouldn’t panic if you have used this app. If you seriously enjoy aging yourself by 50 years and have zero qualms with the terms of use, have at it. But perhaps all this fuss should make you stop and think. What are you handing over to companies when you sign up to use their services; be it an app, an account on social media platforms, etc.?

Terms of service and other end-user agreements are intentionally made to be difficult to decipher to discourage users from reading through them. Many of the apps and other services that we use likewise gobble up and own your data; many sell your data to third parties (hello, Google, and Facebook).

The truth is FaceApp is just a drop in the bucket, a tiny fish in a sea of data gobbling sharks.

What can you do? Be stingy with your data, and be careful what apps you use. Is it worth giving up the rights to your uploaded pictures forever, so that you can use an app to look old and post it on Facebook? When you use an app, keep in mind that the fun, interactive part of the app is just the tip of the iceberg; behind the scenes, they are likely making money off your data.  

When using social media platforms, you can set different levels of privacy and data sharing. If you are uncomfortable with the idea of big corporations chomping up your data, make sure you set privacy settings to the max. Facebook, Google, and many others offer numerous ways you can tweak these settings.  Just go to your account and look for the “Privacy” section.  

When downloading apps, consider reviewing the terms of use, while painful, it’s better to know what you are agreeing to. Also, review what permissions the app is requesting to use to run on your phone. Does a silly bubble popping game app require access to your contacts, your Facebook account, your camera, your phone, etc.? Don’t haphazardly grant apps access to your life; stop and consider whether the access is really necessary.

In cybersecurity, one important concept is the “hardening” of a system. You take a computer and try to remove all services except those that are necessary for it to do its job. By doing so, it helps to remove unnecessary risks (things that could be exploited by an adversary) and reduce the attack surface.

Have fun with technology, but try to keep this concept in mind to protect what’s important to you. Review user agreements so that you are aware of what you are handing over to an app or social media platform. Don’t grant unnecessary permissions to apps and social media platforms; only give access to the bare minimum that is required for the service to run.

“Hardening” your social media/app permissions stance is a small way you can take back control of your data, and stop feeding the data gobbling shark swarm.

Consumer Privacy Tips:

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.