Privacy Problem: Linking the #10YearChallenge and FaceApp

Laura BednarCybersecurity and VulnerabilitiesLeave a Comment

face recognition app hinders privacy

The rising popularity of FaceApp may seem like a harmless way to see your future self, but the privacy issues are hardly worth the risk. While the latest controversy sparks concern over Russia, the problem does not lie within one endpoint, but where your personal information is sent after reaching that endpoint.

Biometric indicators like facial recognition gain something unique to the individual: the shape and appearance of a face. When users post photos of their face on apps and social media they are volunteering personally identifiable information (PII) to what could be an innumerable amount of cybercriminals on the other end.

Contact Us Now

What is FaceApp and What Do They Want?

FaceApp is a photo-editor for your face with filters that can show you older, younger, or with a different look altogether. It uses artificial intelligence to make these changes and is available in both the Apple App Store and Google Play. The app was created by Yaroslav Goncharov and uses the Cloud for photo processing.

The issue consumers had was that they believed the app was uploading a phone’s entire camera roll. Goncharov disputed this fact saying that the app only uploads a photo that was selected by the user and most photos that are stored within the app are deleted from their cloud server after 48 hours.

FaceApp claims they won’t sell or rent your information to third parties without consent, but previous policy breaches like Facebook’s Cambridge Analytica scandal are leaving people concerned.

One Informational Slip Deserves Another

People freely giving away facial recognition data is not just a fleeting trend. Almost exactly six months ago, the #10YearChallenge blew up on social media. It was a photography comparison challenge where a user would include a picture of themselves from 10 years ago and compare it side by side with a recent photo of themselves. It started in January 2019 after one Twitter user posted comparison selfies and quickly gained traction.

This type of data makes it easy for machine learning software to target advertisements and generally understand how people age. When this type of data is offered up voluntarily, it is easy to harvest the information and build an app like FaceApp. There is six month’s worth of facial information publicly available and the newest app is trained for aging a person’s face and other features with accuracy.

Director of Forensics at Secure Forensics, Allan Buxton said, “In an age where our faces can be used as keys for our mobile devices, TSA checkpoints, and even Customs entry into the country, anything that collects those key identifiers and can accurately predict their progression as we age is a threat.”

While this recent app may be all fun and games, Buxton explains, “When those pics get posted to social media, or when FaceApp is inevitably sold to a larger, richer company, that information has the potential to be used or abused by others.”

Is Privacy Elusive in 2019?

One of the key problems along with app usage is the device you use to upload photos, videos, and the like. FaceApp users reportedly said that their iOS device was overriding their settings after denying permission to access a camera roll. The device does give users the power to choose whether they want to block an app from having camera access but still allows them to select an individual photo, offering a lot of control to the device itself.

Phones and other mobile devices have settings like location and wi-fi that, while running, allow for your phone to collect even more information on you. The GDPR has called for clearer privacy policy explanations so the consumer will understand what is being collected or not and who it is sold to, but these regulations have yet to make their way to the United States.

Protecting Your Face and Other Information

Buxton offers a few tips for staying safe, “If anyone has an interest in their privacy, they need to consider their use or installation of every app carefully. Uninstall apps you’re not using and turn off global services if you’re not using them.”

While companies and devices may seem like the problem, consumers offering up their personal information through public mediums is how privacy issues begin. If you believe you are the victim of hacking or your business has been affected by a data breach, our dedicated team at Secure Forensics can help, call 1-800-288-1407 to find out more about our services.