At the beginning of the week, social networks were filled with agingimages with a watermark: FaceApp . Since last Tuesday, the photos have been changed due to doubts about the data and privacy with this application.
What data do they collect? What’s wrong with the photos? “Most of the images are removed from our servers within 48 hours after the upload date,” the Russian company said in a statement sent to Techcrunch.
On permissions in the Google Play Store, FaceApp accesses “the entire network”, “see network connections”, “receive data from the Internet” and “prevent the phone from going into sleep mode”. However, these practices are not exclusive to FaceApp.
Around 12,923 applications in the Google virtual store. Researchers from the International Institute of Computational Sciences (ICSI) in Berkeley, IMDEA Networks Institute in Madrid, the University of Calgary and AppCensus have analyzed a total of 88,000 applications of the Play Store and many of them violate the terms of the search engine giant.
FaceApp for its part maintains that it accepts requests from users who want their data to be removed from their servers, but currently “the system is overloaded”.
Doubts about security fly over this Russian company, although it ensures that it does not “sell or share any information of its users with third parties” and that although its development team is located in Russia, “the user’s information is not transferred to Russia” .
Goncharov’s company recalls in its paragraphs “you grant FaceApp a perpetual, irrevocable, non-exclusive, royalty-free license, worldwide, fully paid and with a transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works, distribute, publicly perform and display the user’s content and any name, user name or image provided in relation to its user content in all media formats and channels known or subsequently developed, without compensation for you ».
These terms are softer in applications like Snapchat and Instagram. «You grant us permission to show your username, your profile picture and information about the actions you perform (such as« I like ») or your relationships (such as followers) together with accounts, announcements, offers and other sponsored content ( or in relation to them) that you follow or interact with and that are displayed in the Facebook Products, without obtaining any compensation in return, “points out Mark Zuckerberg’s social network.
The images shared with these applications contain more information than the user thinks. When taking a picture, Android embeds the position and the time when it was taken snapshot.
With a bit of experience, an attacker can access sensitive user information such as the GPS position of the user. In addition, all experts point out that FaceApp does not comply with the RGPD.