FaceApp rapped for potential privacy, security abuse

Occurred: July 2019

FaceApp came under scrutiny for potential privacy and security abuses due to its Russian ownership and the data collection practices outlined in its terms of service. 

Concerns were amplified following a Forbes report that FaceApp was storing users' photos, email addresses and device identifiers on its servers in Russia rather than on their phones, and that their metadata was being collected. 

Although FaceApp claimed to delete photos from its servers within 24 to 48 hours after editing, users expressed skepticism about the deletion process, with some critics highlighting that merely uninstalling the app does not guarantee the removal of uploaded images from FaceApp's servers.

Concerns were also raised that FaceApp's privacy policy had a "perpetual" license that allowed it to use people’s usernames, names, and likeness for commercial purposes, including potential facial recognition applications.

The reports prompted US senator Chuck Schumer to urge the FBI and Federal Trade Commission to investigate FaceApp, saying it could pose "national security and privacy risks for millions of US citizens."

In response, the FBI said "it considers any mobile application or similar product developed in Russia, such as FaceApp, to be a potential counterintelligence threat." 

FaceApp CEO Yaroslav Goncharov responded by denying data was being shared with Russian authorities and asserting that user data is not transferred to Russia. 

He also said that only the picture chosen by the user is uploaded and stored on cloud computing services provided by Amazon and Google, and that the app did not harvest a user’s mobile photo library.