FAST FACTS: FaceApp data privacy concerns

Gelo Gonzales
FAST FACTS: FaceApp data privacy concerns
An app that makes users look older creates some privacy concerns as it stores selfies on its server, and because of its origin

MANILA, Philippines – You’ve probably seen them all over Instagram: faces of your friends if they had been decades older. 

That’s because of an app called FaceApp, a photo editor that lets you make your selfies look younger or older, add a smile, and change your hairstyle, among other options. The most popular feature so far though is the option of adding years and wrinkles to your face. It’s very realistic and fascinating, leading to the app’s popularity. 

With the popularity, comes some controversy, including one US senator who has called for an investigation of the app. 

Why the worries? 

The worries root from the fact that the selfies are being uploaded and processed on FaceApp’s server, and that the app was uploading the user’s entire camera roll on the server – although several online experts have come out to say that they have found no evidence pointing to such. 

The company that owns the app has also caused some concern because it is based in Russia, and whose CEO is a former executive at the Russian counterpart of Google, Yandex. Russia has generally not had the rosiest reputation when it comes to cyber issues, although, again, some have pointed out that it isn’t fair to judge the app just because of where it is based. 

Users also cannot delete the photos on the app’s servers by their own. They have to make a request to FaceApp in order to do so, as told to TechCrunchDelete requests can be sent “via the mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line.” The company also told the site that it’s adding that it’s “working on a better UI for that.” 

Another concern? The terms of service may be problematic, lacking specificity in such a way that the company may be able to use people’s data such as their usernames, names, and likenesses for commercial purposes. The Verge, quoting lawyer Elizabeth Potts Weinsten, says that the terms of service may not be compliant with the GDPR, which may be the biggest concern for anyone who cares about their data. The site also reports that the company has said that it doesn’t sell user data to third parties. 

What have researchers found?

The Verge says that they’ve found that the app isn’t “doing anything particularly unusual in either its code or its network traffic, so if you’re worried about FaceApp, there are probably a bunch of other apps on your phone doing the same thing.” Although, the site adds that “the conversation does bring attention to standard tech practices that might be more invasive than users realize.”

Researcher Jane Manchun Wong that she hasn’t found anything “fishy” in the app: 


iOS researcher Will Strafach says he hasn’t found evidence that the app is uploading the full camera roll to remote servers: 


Another security researcher going by the monicker Elliot Alderson warns not to judge the app just because it comes from Russia:



Forbes also found out that the servers of the app are based mostly in America, not Russia. “The servers for were based in Amazon data centers in the U.S. The company told Forbes that some servers were hosted by Google too, across other countries, including Ireland and Singapore,” says the site.

Generally, nothing has been seen that there’s anything serious behind FaceApp. Practice some vigilance. If you want to use it, be aware that it’s going to get a hold of your face photo. That’s the trade-off here, and most apps will have this trade-off: your data for their service. If you’re uncomfortable having your photo on an app’s server, avoid using it. –

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.