LOS ANGELES - The Russia-based FaceApp has become a viral trend for its age-altering photo filter, but its terms and conditions have been raising privacy concerns.
The app has gained immense popularity for allowing users to digitally alter their age, from much younger to much older. Even celebrities have joined in, posting pictures of their youthful, current or elder selves. More than a million users have downloaded the app from Google Play, and FaceApp is now the number-one app in the Apple Store's "Photo and Video" apps section.
But the terms and conditions of FaceApp allow it to access to use, modify, adapt and publish any images that a user offers up in exchange for its free artificial intelligence service.
On Wednesday, the privacy concerns have led Senate Minority Leader Chuck Schumer, D-N.Y., to send a letter to the Federal Bureau of Investigation and Federal Trade Commission requesting them conduct an investigation into the app. Schumer wrote that the Russia-based FaceApp "could pose national security and privacy risks for millions of U.S. citizens."
"In particular, FaceApp's location in Russia raises questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments," he wrote. "I ask that the FBI assess whether the personal data uploaded by millions of Americans onto FaceApp may be finding its way into the hands of the Russian government, or entities with ties to the Russian government."
Small business lawyer Elizabeth Potts Weinstein tweeted out the "User Content" section of FaceApp's terms, saying "if you use #FaceApp you are giving them a license to use your photos, your name, your username and your likeness for any purpose including commercial purposes (like on a billboard or internet ad)."
"You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate... distribute, publicly perform and display your User Content," the FaceApp terms read.
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) -- see their Terms: https://t.co/e0sTgzowoN pic.twitter.com/XzYxRdXZ9q— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
The conditions explicitly stated that by using the app's services, "you agree that the User Content may be used for commercial purposes."
The app, which was created in 2017 by Wireless Lab in St. Petersburg, Russia, will also not compensate users for the material and it will retain the image after a user has deleted the app, the Daily Mail reported.
Ariel Hochstadt, security expert from vpnMentor blog and former Gmail marketing manager for Google, told the Mail that he has warned people about apps like these before.
"Hackers many time are able to record the websites that people visit, and the activities they perform in those websites, but they don't always know who are those users," he said. "Imagine now they used the phone's camera to secretly record a young gay person, that visits gay sites, but didn't yet go public with that, and they connect his face with the websites he is using."
"They also know who this image is, with the huge DB they created of Facebook accounts and faces, and the data they have on that person is both private and accurate to the name, city and other details found on Facebook," he said.
The Russian government doesn't need to own the database it screens against the database from the app, the Mail reported.
"With so many breaches, they can get information and hack cameras that are out there, and be able to create a database of people all over the world, with information these people didn't imagine is collected on them," Hochstadt said.
The app could still be able to access photos on Apple's iOS platform even if a user has set photo permissions to "never," Tech Crunch reported.
"Unfortunately, there is still some cognitive dissonance here, because Apple allows an app to call this API even if a user has set the Photo Access setting to Never in settings," the outlet said.
But other people are also pointing out that FaceApp has similar terms and conditions to other widely used apps.
Elliot Alderson, a French security researcher, tweeted out Snapchat's terms and conditions.
"You also grant us a perpetual license to create derivative works from, promote, exhibit, broadcast, syndicate, sublicense, publicly perform, and public display Public Content in any form and in any and all media or distribution methods (now known or later developed)," Snapchat's terms said. "This means, among other things, that you will not be entitled to any compensation from Snap Inc., our affiliates, or our business partners if your name, likeness, or voice is conveyed through the Services, either on the Snapchat application or on one of our business partner's platforms."
These apps show just how much information people give away on the internet by using a "free" service.
"Your face is now a form of copyright where you need to be really careful who you give permission to access your biometric data," Steve Sammartino, a business technology expert, told a journalist, according to the Mail.
"'If you start using that willy nilly, in the future when we're using our face to access things, like our money and credit cards, then what we've done is we've handed the keys to others," he said.