Any app that asks for biometric data inputs creates data privacy concerns, say cyber experts
The Russian app has raised national security and data-privacy concerns after reports emerged that it can download images off user’s camera rolls. Although the company that owns FaceApp has denied the claim, saying the app takes only the photo you ask it to manipulate. The company also said it deletes “most images” from its servers within 48 hours of uploading, although there’s no way to confirm that it does so in practice. “Our support team is currently overloaded, but these requests have our priority,” FaceApp founder Yaroslav Goncharov said in a statement. “We are working on the better UI for that.”
If one look at FaceApp’s terms of service, they state– “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your user content and any name, username or likeness provided in connection with your user content in all media formats and channels now known or later developed, without compensation to you.” This closely mirrors Facebook’s terms of service that say “when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings).”
Cyber expert Amit Dubey feels any app that works on biometric inputs should come under data protection law. “There is a finite probability that such data can be misused against you. Authentication systems work on biometric inputs and FaceApp is owned by a company, Wireless Lab, that’s based in St. Petersburg and they are not under such data protection law.”
Not just FaceApp, according to cyber experts, many other popular apps are breaching users’ privacy.
“Any app that asks for biometric data inputs creates data privacy concerns. But because several of these apps are under strict data privacy law, the probability of misuse of the data is very low. Most of the free dating apps neglect the basic data privacy guidelines and create serious concerns for the users,” claims Dubey.
Sabyasachi Mitter, Founder & Managing Director of Fulcro, feels FaceApp has grown in popularity quite rapidly and its slick use of AI is commendable.
However, it is equally true that its terms ensure that once you use the app, you sign a blank cheque to your privacy. While many may argue that users should read the terms carefully before downloading any app, the same is practically infeasible, says Mitter. “One can’t expect lay users to sift through and make sense of the legal fineprint. While the potential of privacy violation in the case of FaceApp has come to the fore due to its popularity, closer scrutiny would probably bring out thousands of apps with equally dubious terms.”
“In my opinion, users trust App Store and Play Store when an app gets listed there for download. Inherently, people believe that enough sanity checks must have been done before the app was approved. The onus, therefore, must fall on the respective stores to read the fineprint and warn users if there are clauses in the terms that could potentially infringe on a user’s privacy and then leave it to the user to decide,” he says.
“For users of free apps, the popular saying goes that if the product is free, most likely you are the product. The cost of such free products is recovered by monetising the data generated from users,” Mitter adds.