Concerns Over FaceApp Remind Us That Users May Not Fathom the Permissions They Grant Apps
Geoffrey A. Fowler, tech columnist for the Washington Post, opens his July 17 article with a question that’s pertinent to millions of app users: “When an app goes viral, how can you know whether it’s all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?”
In an email response, the founder of Russian-based FaceApp answers Fowler’s question: Yaroslav Goncharov asserts user data is not transferred to Russia.
But should Russian servers even be our chief concern?
Fowler’s article opens with a focus on that issue – including a link to an article describing N.Y. Sen. Charles Schumer’s call for an investigation of FaceApp based on “security concerns and Russian ties” – but his Post piece quickly transitions into more important questions about the company’s terms-of-use statement, the routine trust that consumers place in gatekeepers like Google and Apple to vet the app makers, and some of the questions consumers should be asking themselves about any app that uses their personal information.
In brief, FaceApp applies artificial intelligence (AI) to photos to illustrate how a person might age. Millions of users have submitted photos of their faces and those of public figures, but few submitters were probably aware of the privacy and other risks involved.
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”
Indeed, such language should keep privacy advocates awake at night – as well as all consumers of FaceApp and other programs. Most FaceApp users routinely click “accept” to this language, unaware they’re permitting the company to use their images in perpetuity in just about any fashion it wishes. Imagine your image in an advertisement for something you find embarrassing. There are other issues, too, including that you “warrant” that you own the images uploaded, have the right to enter into the terms, and “agree to pay for all royalties, fees, and any other monies owed by reason of the User Content you stylize…” through the app. Were those really your intentions?
Still another concern is that FaceApp accesses other information on a device. In Koetsier’s July 17 Forbes.com article, Rob Le Gesse, former Rackspace manager, says, “To make FaceApp actually work, you have to give it permissions to access your photos – ALL of them. But it also gains access to Siri and Search.”
A second Forbes writer, Thomas Brewster, attempts to add perspective to the FaceApp furor, in his July 17 article titled “FaceApp: Is The Russian Face-Aging App A Danger To Your Privacy?”
He suggests the heightened concern stems from a developer’s tweet that “set off a minor internet panic.” The tweet mirrors the allegation cited by Rackspace’s Le Gesse – that FaceApp might be taking every photo from your phone and uploading them to its servers.
The FaceApp situation, like those before it and those surely to come, reminds us that it remains the consumer’s responsibility to read and analyze the terms of service for any app before clicking “accept.”
View the PDF version of this article.
About the Author
- Information2020.09.11New Podcast Series Focuses on the Careers of Women Leaders in Information Governance
- Government2020.01.30Pentagon’s Warning on DNA Testing is Applicable to all Consumers
- Analytics2019.12.31Introducing the Information Governance Implementation Model (IGIM)
- Information Access2019.12.20The Challenge of Balancing Information Access Demands and Risk Management Throughout the Information Lifecycle