FaceApp privacy: Russian state unlikely to interfere with hit app, security experts claim

Jack Hardy
Gordon Ramsay was among celebrities to share FaceApp pictures - @gordongram/Instagram

When celebrities such as Sam Smith, Gordon Ramsay and Drake shared pictures of their digitally wrinkled faces online, they probably expected little more than a smattering of amused comments. 

Few would have foreseen that, within days, the smartphone software used to inflict the ravages of time upon their features would be at the centre of a global cybersecurity row. 

FaceApp enjoyed an explosion in popularity this week, as social media users thrilled over a feature which made their faces look older - spawning the “age challenge”. 

Instagram and Twitter became awash with famous faces newly gullied by wrinkles with shocks of grey hair among recognisable curls, as dozens of celebrities jumped on the viral trend.

However, news that a Russian company was behind the craze triggered a meteoric response in the UK and US, as officials sensed a potential threat to personal data.

FaceApp was created by St Petersburg-Based Wireless Lab, which provoked alarm by suggesting it stored all images uploaded by the user in a cloud server.

Memories of alleged Russian cyber-interference in the 2016 US Election still haunts the Democratic National Committee, which governs the country’s opposition party.

An alert was sent by security chief Bob Lord to campaign staff for next year’s election, urging them to “delete the app immediately”. 

FaceApp has shot to the top of download charts Credit: AFP

Chuck Schumer, a senior Democrat senator, raised the stakes still further by calling on the FBI to investigate, as FaceApp could pose “national security and privacy risks for millions”.

Britain’s data watchdog, the Information Commissioner’s Office, also waded into the debate, saying: “We are aware of stories raising concerns about Face App and will be considering them."

It is understood the National Cyber Security Centre was also aware of the furore surrounding the app but had not identified any obvious cause for concern.

Wireless Lab, which launched FaceApp in 2017, was founded by Yaroslav Goncharov, a Russian developer who claims to have worked with Microsoft in the US.

The “AI face editor” sends users’ pictures to the cloud to be scanned and mapped - where the material could remain indefinitely - rather than doing so on their phones. 

Terms and conditions for the app also grant the company "perpetual" rights to use for any uploaded images or likenesses for a wide range of purposes, including commercial. 

While such clauses are not dissimilar to those used by other social media firms, the company’s Russian background stoked fears it could be vulnerable to state intrusion. 

Mr Goncharov, however, insisted no FaceApp user data was transferred to the country, even though several of the company’s teams were based there. 

Singer Sam Smith has also used the app to warp his face 

Security experts poured cold water on suggestions the app could be a target of state interference. 

Mark Galeotti, a senior associate fellow at the Royal United Services Institute (RUSI), said: “If you’re in Russia there is always a chance someone will tap you on the shoulder and say ‘the Motherland would like x or y’. 

“If you’re not a heavy-hitting businessperson or high-profile individual, it’s very hard to say no - but there is nothing the FaceApp files would contain that isn’t easily scrapable off the net anyway.

“I can understand how, with anything involving Russia these days, there is that instinctive flinch, but I must say that I would be hard-pressed to see what the Russian authorities would want from this app.”

Technology analysts have likewise found nothing within the coding of the app that would appear to offer a backdoor to snoop on users’ phones, according to reports. 

Mr Galeotti suggested the episode served as a reminder to the public about the amount of data they may be handing over to developers whenever they use an app. 

“The wider issue is that everyone nowadays - every app, every service we use - has massive amounts of data on us,” he said. 

His words were echoed by the Information Commissioner’s Office, which ended its statement on FaceApp with a warning about data harvesting.

A spokesman said: “We would advise people signing up to any app to check what will happen to their personal information and not to provide any personal details until they are clear about how they will be used.”