Just a couple of days ago the FaceApp mobile app went viral after millions of users started using the filter which, applying artificial intelligence software and a photograph of the user, generates rendered images adding or reducing the age of users, cybersecurity experts report.
Taking advantage of the popularity achieved by the app, a developer decided to post a series of tweets assuring that FaceApp could be collecting without permission all the photos stored on the user’s smartphone to send them to servers operated by the company, raising alarm among users concerned about the security of their data.
However, various members of the cybersecurity community say that, so far, no one has evidence that FaceApp collects users’ photos to send them to servers operated by Russian, Chinese or anywhere else hackers.
Joshua Nozzi, the user in charge of ‘turning on the alarms’ stated hours later that his intention was to generate awareness among FaceApp users because, actually, the application asks the user for access to their entire image gallery. The “inaccurate” statement is the one the developer made about FaceApp might be uploading the images to servers in foreign countries.
“Apparently this is just a storm in a cup of tea,” said the cybersecurity expert researcher known under the alias ‘Elliot Alderson’. The expert downloaded the app and verified that FaceApp developers only take a copy of the photos that users want to transform with the app’s filters to create backups on the company’s servers.
The FaceApp developing company is actually in the Russian city of St. Petersburg, however, the expert demonstrated that the FaceApp server is located in the United States, not Russia, China, etc. To be more precise, FaceApp.io servers are stored in Amazon U.S. datacenters. In conclusion, the expert added that while the app uses code developed by third parties, these developers’ servers are also in the U.S. and, to a lesser extent, Australia.
Although this could be considered a false alarm, experts from the International Institute of Cyber Security (IICS) believe that users should be genuinely concerned about the permissions they grant to mobile apps they use daily. To check if any of the apps you use require too invasive permissions, go to the ‘Settings’ menu on your smartphone; in case an app has too many permissions, you can cancel them or delete the app from your system.