A few months ago, FaceApp was the application that everyone spoke. With it, you could edit your appearance so that you would see yourself when you are old, through an “age” filter.

Many images of users with this filter have been published on social networks like Instagram, Facebook or Twitter, including celebrities such as actors, or influencers. This application has caused great entertainment.

The application is not new, it was launched two years ago for IOS and Android operating systems. However, a few months ago it has become viral by improving the capacity of the filter by which the user can modify his face and modify his image with about 60, 70 and 80 years.

But not everything is perfect. FaceApp privacy policy notes its affiliates and service providers “may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.”

What the FaceApp privacy policy says.

The privacy policy of FaceApp has not been updated since January 20, 2017. More than two years without changes. We are also facing a basic policy, very common in small companies that did not expect to have such a large reach.

Through the terms of use and the privacy policy we can read what kind of actions FaceApp performs with our data. And it is easy to verify that they are not adapted to the General Data Protection Regulation (GDPR).

As described in the privacy policy, FaceApp uses our information to:

  • Provide personalized content and information.
  • Online ads or other forms of marketing.
  • Provide, improve, test and monitor the effectiveness of the service.
  • Develop and test new products and features.
  • Monitor metrics such as a total number of visitors, traffic and demographic patterns.
  • Diagnose or solve technological problems.
  • Automatically update the FaceApp application on the device.
  • FaceApp also shares usage data with third parties to improve the ads.

In addition to the advertising value of our data, one of the uses that our face has is the training of facial recognition algorithms. To understand it you just have to look at how they work. The algorithms are based on huge face databases, all of them anonymous but useful for AI to understand how the human face works.

Does FaceApp share our face to improve facial recognition algorithms? We do not know, but the privacy policy leaves the door open to it. As the “sharing your information” section indicates:

“We can delete pieces of data that can identify you and share anonymous data with other parties. We may also combine your information with other information so that it is no longer associated with you and share that aggregated information.”

FaceApp responds to privacy concerns

Those responsible for FaceApp have released a statement informing about the operation of their application and what happens with the photographs. According to the statements, only one photo is uploaded to the FaceApp servers, which the user selects. And it is kept for 48 hours and then removed. In this way the loading and editing processes are more agile for all users, without the service collapsing by uploading the same photo over and over again. It also informs you of the steps to request that a photo or information be deleted from your servers. Just go to the Settings of the application, look for the Support option and here Report a bug or report a bug. The word “privacy” or privacy in English must be included in the request message in order for them to respond to the request.

FaceApp CEO Yaroslav Goncharov provided the following statement:

1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.

2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.

3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings-> Support-> Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.

4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.

5. We don’t sell or share any user data with any third parties.

6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.

The last update of the Android application is from July 13, that is a few days ago, but right now the privacy policy of FaceApp is 2017. This is a serious problem since the application treats the images of users in the servers of a foreign company. This would include clearly specifying the data that is collected and giving the option of not collecting data that is not essential for the use of the service. In addition to the option to request that the data they have saved be delivered and deleted if we wish. FaceApp does not comply with the GDPR but in relation to making use of our photographs for commercial purposes does not depart from other large companies.