The possible security risks of photo transformation app FaceApp

Are you among the countless netizens who can’t resist the new ‘gender swap’ filter that has been recently added to the features of FaceApp? It surely is fun getting an idea of how a person could possibly look like being born in a different gender, but is getting into the bandwagon actually safe?

The re-emerging popular app “does not contain any malicious element.” This is according to Fabio Assolini, senior security analyst at Kaspersky, a multinational cybersecurity and anti-virus company. However, the cybersecurity expert is not totally clearing the app of possible security issues.


Facial recognition

Assolini emphasizes the use of facial recognition for password authentication. Thus, he advises everyone to be very careful especially when sharing their physical photos with third parties. Assolini warns that companies operating apps that collect and store facial images could possibly “facilitate or sell these images to entities that use artificial intelligence to make facial recognition modifications.”

Image from Facebook user Rise Morisette (@iStanMorisette)

“It must be taken into account that this data is stored on third-party servers and that it can also be stolen by cybercriminals and used to impersonate identities,” Assolini said.

FaceApp is a Russian-owned app introduced in 2017 but reached the peak of its popularity in 2019 when it rolled out its ‘old filter’ feature, which renders the possible look of a user in 50 years. In December 2019, the US Federal Bureau of Investigation issued a warning against FaceApp and other Russian developed apps, which it said could be a ‘potential counterintelligence threat.’

Online security

In response to security speculations, FaceApp developer Yaroslav Goncharov is assuring users that the app is not sharing data with Russian authorities. According to Goncharov, FaceApp removes photos from its cloud servers every 24 to 48 hours, after those images are last edited. He even assured that all images are encrypted using a key that is locally stored in a user’s device. Photos, he added, are only temporarily cached on FaceApp’s cloud servers during the photo editing process.

To ensure safety and security, users of similar viral apps are advised to first read and understand privacy terms. Assolini reiterates the advantage of downloading any app only from official app stores. In addition, Kaspersky reminds everyone to treat facial recognition as a form of password (and not use it everywhere) and to always be mindful of the requested permissions (like logins in social networks or other password-enabled accounts).