If one were to delete an app such as FaceApp, is the damage of granting these apps access to your info already done or are you safe again?Security wonks can often get very snarky and dismissive of real, valuable questions like this. Many take the attitude that people shouldn't have downloaded the apps in the first place, which is not only unhelpful, but further cements the security wonk reputation for hating fun. Jose's question is valid: does deleting an app that was snooping on you in any way make you safe again?
The Real Story About FaceAppFirst things first: the fears about FaceApp specifically seem a smidge overblown. My colleague Michael Kan spoke to several security experts about FaceApp , all of whom said it was not overtly malicious and, in some cases, actually praised the app. Aviran Hazum, a researcher from the antivirus company Check Point, told Kan, "I must say that this app seems to be developed in a good fashion—no greedy permissions, and it does what they claim it does." In fact, Kan reports that the initial warnings that the app steals all your images without asking were baseless and were eventually retracted. It is true, however, that the app is from a Russian developer, but without any evidence that the specific app or developer has done something wrong, it's hard to hold that against the app.
While FaceApp may not be the sneaking terror we may have initially thought, it does have some problems. Like many apps and services we sign up for on a whim, it's not always clear what the app does with your information, how long its kept, or with whom FaceApp shares your information.
It's Still Not GreatI reached out to Bill Budington, the Senior Staff Technologist at the Electronic Frontier Foundation (EFF), to get a sense of what FaceApp does and what risks it presents. He pointed out that the language of the company's terms of service paint a grim picture.
We may also share certain information such as cookie data with third-party advertising partners. This information would allow third-party ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.
"In other words," said Budington, "they work with online trackers, using data you've given them to better track you." Many companies that offer free services are part of a massive ecosystem designed to track you across the web and tailor advertisements to your interests. Companies have long argued that this is a small price to pay for a free service, and that targeted ads are more valuable to you, since they're more relevant to you.
We may remove parts of data that can identify you and share anonymized data with other parties. We may also combine your information with other information in a way that it is no longer associated with you and share that aggregated information.Anonymized information, however, isn't always so anonymous. A report in The New York Times shows that it is possible to connect "anonymized" information to the original person. Moreover, the information might be semi-anonymous, but it's still being used to serve ads to you. The end result for you, the FaceApp user, isn't so anonymous. Goncharov told Mashable, "most images are deleted from our servers within 48 hours from the upload date." Several responses from the developer in the reviews on Google Play cite a similar 1-3 day time period. Goncharov also said that users can request to have their information removed from FaceApp's servers. (Full disclosure: PCMag's publisher, ZiffMedia Group, owns Mashable and I can see most Mashable employees from my desk. Hi!)
For Budington, that's not good enough. "There's no way of knowing if they're telling the truth," he said. "But what's more concerning is that this assurance is probably the bare minimum they can give, leading one to ask: What do they do with the rest of the photos?"
Let's put it all together, in reference to Jose's question. Regarding your photos, FaceApp only has access to the photos you edit in the app, and says it only retains those for a few days. You can request to have your information removed but, as Budington points out, there's no way for an individual user to verify that this has been done.
It's Not Just FaceAppThe scrutiny of FaceApp is an unusual confluence of events. It started with an incorrect accusation and was exacerbated by the intense—albeit justified—paranoia related to nefarious online activity from Russia. However, what FaceApp does is not so different from activities of more familiar apps like Facebook, Instagram, Snapchat, Twitter, and many, many others.
- Online Privacy Is a Right, Not a Luxury Online Privacy Is a Right, Not a Luxury
- Report: FTC to Fine Facebook $5 Billion For Privacy Violations
Report: FTC to Fine Facebook $5 Billion For Privacy Violations
- Is FaceApp Really a Privacy Threat?
Is FaceApp Really a Privacy Threat?
We are very deep into the surveillance economy, where we are monitored constantly for the benefit of corporations harvesting our data. I've been writing about this for years and after so many data breaches and privacy gaffes from major players (looking at you, ) it's hard to imagine that we could ever escape this data harvesting. Yet, the response to FaceApp has demonstrated that people aren't really comfortable with how these companies operate—or are perceived to operate—and that gives me hope we can get our privacy back.