Prominent Democrats and Republicans and many cybersecurity experts warned that FaceApp, which alters images to make a person look older or younger, could pose unexpected risks. But, some experts weighed in that the panic itself appeared overblown, cautioning that Instagram and other social apps may also have more access to personal data than users realize.
“People should know that giving a photo of their face to a random app is a very bad idea and has a lot of privacy issues,” French security research Baptiste Robert told NBC News. “They have no idea how their photo can be used.”
As PC Magazine reports, software developer Joshua Nozzi tweeted on July 15 that FaceApp “immediately uploads your photos without asking, whether you chose one or not.” The New York Post followed with the headline, “Russians now own all your old photos.”
Within days, Sen. Chuck Schumer (D-NY) was calling for a federal investigation into the Russia-based company that makes FaceApp, known as Wireless Labs. Nikki Haley, a former Republican governor of South Carolina and ex-ambassador to the United Nations, tweeted that FaceApp users were “giving them access to all of your contacts and info.”
But Robert and other security researchers pointed out that FaceApp only uploads the photo being edited, similar to other photo-editing software. “Most images are deleted from our servers within 48 hours from the upload date,” FaceApp told TechCrunch in a statement, claiming that no user data is “transferred to Russia.” And Nozzi deleted his original tweet, adding, “I was wrong.”
Still, FaceApp didn’t notify users in advance that even a single photo would be uploaded to its servers, as Guardian Firewall CEO Will Strafach observed on Twitter. Moreover, CNET notes that FaceApp’s terms of services are broad—and Russia aside, not so different from the blanket language consumers agree to when using Facebook, Instagram and Snapchat.
Liz O’Sullivan, a technologist at the Surveillance Technology Oversight Project, told NPR, “My impression of it honestly was shock that so many people were, in this climate, so willing to upload their picture to a seemingly unknown server without really understanding what that data would go to feed.”