August 2, 2019

A recent social media campaign, “#faceappchallenge” went viral last week and elevated the related application, FaceApp, to the top of iOS App Store charts in over 121 countries.  The app, developed in 2017 as a subsidiary of the Russia-based startup company Wireless Lab, adds filters to a user’s photographs through artificial intelligence to show what the user would look like when she or he is older, younger, or displaying different facial features such as beards, mustaches, and more.  As the app’s popularity surged, some opened their eyes to the “tiny print” related to using such apps, and many expressed concerns over FaceApp’s privacy features and data-collecting abilities.

The primary concern for most users involves FaceApp’s use of personal photographs for commercial services.  When consumers agree to its terms of service, FaceApp receives a “perpetual” license to use any uploaded content.  As a result, many users were concerned that Wireless Lab could (and would) use photographs uploaded to the app for promotional purposes anywhere in the world , especially without the consumers’ knowledge.  Additionally, FaceApp’s privacy policy clarifies that the app pulls data, such as a consumer’s location, IP address, or log file information, to aim targeted ads at that specific consumer.  While this technique is not illegal, it sparked a privacy debate nonetheless.

FaceApp’s storage methods have also raised red flags;  the app uploads pictures to a “cloud” rather than storing them locally.  Wireless Lab claimed they use this technique to improve overall app performance and traffic issues, and that the app deletes “most” images within forty-eight hours of their upload. On the flip-side, consumers have been quick to point out that most does not mean all.  Many wondered what Wireless Lab does with the pictures remaining in the cloud after the forty-eight hour mark? Its founder, Yaroslav Goncharov, repeatedly denied sharing consumers’ personal information with the Russian government or other third party.  He also stated that users may request that FaceApp delete their data via the “Report a Bug” function.

In conclusion, accusations that the app can access user photographs without permission, or that the app shares personal information with other third parties, appear to be unfounded.  However, while it is unlikely that FaceApp is stealing entire camera “rolls” of photographs for commercial use, consumers should not consider the app risk-free.  Other technology companies seeking to avoid the same negative PR should take precautions to keep their products out of the data privacy hot seat.

The Takeaway for Developers

One method to maintain consumer trust is to be transparent with a product’s privacy policy and terms of service.  These aspects of FaceApp were vague, untrustworthy, and raised questions of underlying company misconduct.  Clarity within these terms and policies could establish a greater impression of trustworthiness among consumers than that held by FaceApp.  Also, to mitigate concerns over a product’s data retention, companies should provide a streamlined, efficient method for deleting personal data – whatever that data may be – from the product at any time.  Unlike FaceApp, which permits users to request data removal through an allegedly suspicious and potentially unreliable “Report a Bug” function, products with an easy data deletion process will provide users with a greater feeling of control and security over their personal information.

If you want to go viral like FaceApp, without all the negative PR too, developers need to take heed.