Thought Leadership

App crazes and your risk – FaceApp

Author – Daniel Weatherly

Though no malicious activity from the FaceApp has been detected or observed, it does bring up an important point to make to everyone. You should be aware of what you are agreeing to when you install an app on your phone or laptop. You could easily wave rights, and provide all kinds of information from that device such as text messages, GPS location, email’s, address/phone books, phone number, devices ID info, list of other apps installed, what web sites you visit, etc.

And this data could also be sent to companies outside the US where privacy laws are vastly different or non-existent.

The point if this post is to get you to pause and think about (or read) what you are doing when installing an application before you do it. Companies do not create apps and distribute them to make zero money, doing so does not make sense. There is a revenue stream or other gain from somewhere or they would not be in business. That could come from advertising, selling the data that they collect, limited functionality until you pay, other or combination of any.

FaceApp is the app getting the focus right now by media and congress, but many other apps have similar terms or gather even more data on you. You as a consumer need to be aware of what you are providing to them, or the rights you are waiving by installing an app. If you do not like the terms, then don’t install the app.

——————————

Below are some parts of the privacy notes for FaceApp for your reference.

FaceApp’s privacy policy notes its affiliates and service providers “may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.”  The company that made FaceApp is located in Russia. This is one of the reasons that Congress has called for an FBI investigation into them and the app.

The company’s privacy policy does not explain how it safeguards user content stored on its servers.

FaceApp essentially owns images uploaded to its service and can use them in any way it wants. That could include anything from splashing your photo across a billboard to using it in the development of facial recognition technology.

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your username, location or profile photo) will be visible to the public.”

An app that denies you any rights in its terms and conditions should set your alarm bells ringing.

“Except for small claims disputes in which you or FaceApp seek to bring an individual action in small claims court located in the county of your billing address or disputes in which you or FaceApp seeks injunctive or other equitable relief for the alleged unlawful use of intellectual property, you and FaceApp waive your rights to a jury trial and to have any dispute arising out of or related to these Terms or our Services resolved in court,”

———————-

The security person in me could dream up all kinds of things from this info.

Example: They have a good photo of you, your name and vital details, can now link that with linked-in, Facebook, etc and build a very detailed record of you as a human being including your family, job details, coworkers, habits, locations, friends, likes and dislikes. They have your device ID and could possibly triangulate other devices, and target you with specific content to sway your decisions or influence your behavior or create deep fakes of your data to cause you harm though propaganda, blackmail, or cyber-attack. All outside US jurisdiction.

That’s what they conspiracy theorists would argue, thus allowing whoever has this data to control things like presidential elections ?

Such scenarios are possible to imagine if you think about it. When in doubt, don’t install or use an app, but ALWAYS pay attention to what you are giving the app permissions to do if you install it.

-Daniel

And this data could also be sent to companies outside the US where privacy laws are vastly different or non-existent.

The point if this email is to get you to pause and think about (or read) what you are doing when installing an application before you do it. Companies do not create apps and distribute them to make zero money, doing so does not make sense. There is a revenue stream or other gain from somewhere or they would not be in business. That could come from advertising, selling the data that they collect, limited functionality until you pay, other or combination of any.

FaceApp is the app getting the focus right now by media and congress, but many other apps have similar terms or gather even more data on you. You as a consumer need to be aware of what you are providing to them, or the rights you are waiving by installing an app. If you do not like the terms, then don’t install the app.

——————————

Below are some parts of the privacy notes for FaceApp for your reference.

FaceApp’s privacy policy notes its affiliates and service providers “may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.”  The company that made FaceApp is located in Russia. This is one of the reasons that Congress has called for an FBI investigation into them and the app.

The company’s privacy policy does not explain how it safeguards user content stored on its servers.

FaceApp essentially owns images uploaded to its service and can use them in any way it wants. That could include anything from splashing your photo across a billboard to using it in the development of facial recognition technology.

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your username, location or profile photo) will be visible to the public.”

An app that denies you any rights in its terms and conditions should set your alarm bells ringing.

“Except for small claims disputes in which you or FaceApp seek to bring an individual action in small claims court located in the county of your billing address or disputes in which you or FaceApp seeks injunctive or other equitable relief for the alleged unlawful use of intellectual property, you and FaceApp waive your rights to a jury trial and to have any dispute arising out of or related to these Terms or our Services resolved in court,”

———————-

The security person in me could dream up all kinds of things from this info.

Example: They have a good photo of you, your name and vital details, can now link that with linked-in, Facebook, etc and build a very detailed record of you as a human being including your family, job details, coworkers, habits, locations, friends, likes and dislikes. They have your device ID and could possibly triangulate other devices, and target you with specific content to sway your decisions or influence your behavior or create deep fakes of your data to cause you harm though propaganda, blackmail, or cyber-attack. All outside US jurisdiction.

That’s what they conspiracy theorists would argue, thus allowing whoever has this data to control things like presidential elections ?

Such scenarios are possible to imagine if you think about it. When in doubt, don’t install or use an app, but ALWAYS pay attention to what you are giving the app permissions to do if you install it.

-Daniel

  • Industry

  • Category

  • Regulation

  • Solution