In today’s article we will look into what is FaceApp? Why security researchers have been warning people about it’s privacy issue? Are scammers started to scam, fraud you with fake FaceApp? We will start finding all these answers.
What is FaceApp: – FaceApp is an Artificial Intelligence powered selfie editing application. This FaceApp is developed by Russian developers. This app allows you to edit your face look like older or younger. FaceApp was developed in 2017 by Wireless Lab. FaceApp is available for both Android and iOS.
Recently the FaceApp has gone viral. This App raises some privacy question among security researchers. How this app allows you to pick photos without giving photo access to the app?
TechCrunch reports states “Another issue raised by FaceApp users was that the iOS app appears to be overriding settings if a user had denied access to their camera roll, after people reported they could still select and upload a photo — i.e. despite the app not having permission to access their photos.”
Poland and Lithuania governments have raised their concern over FaceApp.
Poland’s digital affairs ministry states “For several days in Poland and the world over, social media have been flooded by a wave of modified photos of ‘ageing’ users.”
We Live Security has posted a new report about FaceApp pro scam. “Scammers have been trying, to various ends, to exploit this wave of interest, using a fake “Pro” – yet free – version of the application as a lure. The fraudsters have also made an effort to spread the word about this fictitious version of the currently-viral app – at the time of writing this blogpost, a Google search for “FaceApp Pro” returns some 200,000 articles. We have seen two ways the scammers try to make money from the non-existent “Pro” version of FaceApp.”
ESET researchers posted Indicators of Compromise(IoCs) in their website
Indicators of Compromise (IoCs)
Hash ESET detection name
BB99A60D9F69A18B3D115D615C0E2FBD Android/ScamApp.BX
BD45B786F58FA155B4ECF102DBF01FB5 Android/ScamApp.BY
Fake FaceApp also installing malware into your phone. Kaspersky researchers have found fake application that infects devices with MobiDash adware module. Kaspersky reports says more than 500 unique users infected with this malware within last 48 hours.
To stay protected security professionals are advising not to download fake FaceApp from any untrusted sources also advised users to search the app developer name before installing FaceApp.
Now FaceApp responds to the privacy concern raised by many security researchers and governments
Here’s the full statement:-
We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.