FaceApp has seen a surge in popularity and, with it, notes of caution.
The free mobile app allows users to take selfies that are then transformed by artificial intelligence to look older, add features or even change genders.
But while the app may be fun, some observers note that the technology raises privacy concerns, particularly for employers with bring your own device policies, known as BYOD.
A company’s data could be compromised if employees download the app to devices they use for work.
That’s because the app gives its developers access to whatever else is on a device, including other data stored on it, said Doug Panzer, a patent attorney for Fitzpatrick Lenz & Bubba, based in Upper Saucon Township.
The maker of FaceApp is a Russian company, Wireless Lab OOO of St. Petersburg.
The terms note the company can send data to other partners, including other companies in the same legal group as Wireless Lab, Panzer said.
Panzer said the terms also give far-reaching rights to Wireless Lab over the use of the photos that users provide to and create with the app. In addition, the terms give the company access to significant technical data that the app may collect or even store on a person’s device, he added.
Even if you delete the app from a mobile device, it may not delete all of the data, he said.
One potential solution is a factory reset of the phone, but again, it may not be a sure fix.
For employers, a dose of prevention could help
Employers with BYOD policies should rely on management tools that control what employees can – and cannot – download on their devices, said Michael Hawkins, founder and CEO of Netizen Corp., a cyber security company in South Whitehall Township.
Hawkins said he has seen people using FaceApp all over Facebook.
“While it may not currently be nefarious, with the information they are collecting, it could be used against you at some point,” Hawkins said.
The biggest concern for Hawkins involves government employees or others with access to sensitive data through their work phones.
The information is going to a U.S.-based server but then goes to the Russia-based company, he added.
“Nobody reads the terms of service,” Hawkins said. “This is the perfect example of what they call a honey trap.”