FaceApp is a photo and video editing application developed by Wireless Lab, a company based in Russia. The app has been around for some time but caught the eyes of privacy advocates last year and NPC responded by conducting an assessment around August 2019.
In its latest assessment, NPC said it found significant differences between the 2019 and 2020 versions of FaceApp’s privacy policies.
The NPC also found that FaceApp had full disclosure of using third-party cloud providers: Google Cloud Platform and Amazon Web Services.
“Only photographs specifically selected for editing are uploaded to the cloud, where they are temporarily cached during the editing process and encrypted using a key stored locally on the user’s mobile device,” the statement said. “The assessment has also found that the 2020 FaceApp version no longer requires users to disclose their mobile number and Facebook login information for identity verification.”
The latest version gives users more choices in what data they want to provide as well as permissions on the data they provided.
Cybersecurity companies also said it didn’t find any malicious elements but still cautions on sharing images as facial recognition is now used as passwords.
Caution in image upload
The NPC shares the same sentiment.
“Do not be afraid to explore new technologies but use it with caution. Report abuse if any.” Privacy Commissioner Raymund E. Liboro said. “The public must not immediately give in to privacy panics. Rather, we should read and learn how to analyze privacy notices and policies. Ask yourself, is the app and developer being fair by providing choices and notices? These privacy notices are the window to transparency on how companies and developers will protect your data and rights.” he added.
In general, the NPC reminds users to take precautions before uploading selfies and other photos to social media. If abused or misused, these seemingly harmless actions may expose users to data privacy risks, such as unauthorized access, processing, and malicious disclosure due to negligence.
The NPC is also reminding companies of their responsibilities over face- recognition activities on their platforms, including preventing the abuse or misuse of their customers’ personal data.