With the popular FaceApp you can look older on photos, but you also give your photos and personal information to a company that can sell them. What exactly can the buyers of this information do with it?
What is FaceApp?
FaceApp is a popular smartphone app that allows you to place a filter on selfies. This allows you to see, for example, what you would look like as an old man or woman. The popularity of the app has grown in recent weeks and is also being used by many celebrities.
What exactly does FaceApp collect?
FaceApp collects and saves all photos that users take. In addition, data that identifies your phone is also stored, along with cookies, log files, your location and your app use.
What does FaceApp do with this data?
All your data is shared with "companies in a group that FaceApp is part of, or companies that can later join this group". They are officially used to improve the services of all these companies.
Because other parties can freely join this group, in theory every company has access to the data. This allows an external party to also buy your data. FaceApp does not disclose which institutions have been allowed to look at the data so far.
Could that data be misused?
If the FaceApp data falls into the wrong hands, it can be used to sketch an extensive profile of your online behavior. Your photo and the identification code of your phone can be linked to data from, for example, data leaks, to identify your interests. Even leaked e-mail addresses, credit cards and passwords can be linked to this profile.
By sharing cookies from your device, even your surfing behavior on the internet could be mapped. Such data can be misused for, for example, identity theft or espionage.
Does this really happen?
No specific situations are known in which data from FaceApp were misused by, for example, crime. However, the amount of processed data and the privacy conditions make this possible in theory.
Cyber criminals have in the past exploited leaked data in a similar way to, for example, steal identities or hack accounts.
Surely tech companies collect data more often? Why is there so much fuss at FaceApp?
FaceApp is made by Wireless Labs, a company based in Russia. The company does not have a European office, which makes it difficult to invoke the European privacy law. The company is probably not responding to requests to hand over or delete your data. In addition, FaceApp will not tell you where your data is at the moment.
The fact that the company is in Russia is also a source of suspicion among critics. Government hackers in the country have been accused several times of hacking attacks and attempts to spread disinformation on social media. Antivirus company Kaspersky even had to move its headquarters from Russia, after allegations that the company cooperates with the local government.
How do I prevent my data from being misused?
The data collected by FaceApp can no longer be removed from the company. You can choose to remove the app and no longer use it, to prevent Wireless Labs from collecting new data from you.
In addition, with future free apps it is wise to see where the creator is and what happens to data. An app's privacy statement often states what the developer collects and what it is used for. If a company is located in Europe, then the maker must adhere to a strict privacy law, which means you can always request that your data be deleted.