The FaceApp Foul: When Online Fun & Security Are at Odds

When an app goes viral, how do you know if it’s all in good fun, or if you will deliver all of your private information to the Russian government?

by Kailey Runtas, Client Development Executive

The week of July 14, 2019, was a big week for me. As I entered the last year of my 20s and celebrated the pending arrival of my new daughter, many friends, celebrities and influencers I follow on social media began posting photos purposefully aging themselves with the “Age Challenge” or “FaceApp Challenge.”

The challenge uses an app called FaceApp, developed by Russian parent company Wireless Labs, that uses artificial intelligence (AI) technology to age the likeness of a user by adding wrinkles, yellowed teeth and grey hair. The app also has the ability to make a person appear younger or to make other facial changes such as adding a beard or makeup.

To join in the fun, my husband downloaded the app and we each aged our photos. While my husband looked like a dapper Santa Claus, my photo renewed my commitment to a daily skincare routine and my love of sunscreen.

In the days following the FaceApp aging craze, news outlets began alerting the public to the possible security risks that the app’s 80 million active users face. It also drew criticism from Senate Minority Leader Chuck Schumer, who implored the Federal Trade Commission (FTC) and the FBI to investigate FaceApp’s practices and possible ties to the Russian government. The Democratic National Committee also sent an alert to all 2020 presidential campaigns urging them to immediately delete the app to help prevent the Russians from tampering with yet another presidential election.

What’s all the FaceApp fuss about?

FaceApp’s terms of use state, “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided…” In this case, “user content” refers to name, username and photo.

If you just read the scary headlines of these news stories, you might have felt a little down in the dumps about participating in this fun “Age Challenge.” In reality, though, these terms are similar to those of many other apps we use every day. In a CBS News interview, Nick Thompson, editor in chief of WIRED Magazine, explained that a regular person shouldn’t face any more security concerns by using FaceApp than they do when using Instagram.

And according to French security researcher Baptiste Robert, who viewed FaceApp’s back end, the only user images uploaded to its U.S.-based servers are the images actually modified by the app’s AI. There is no evidence that FaceApp gained access to entire camera rolls, search history, contacts, etc.

In response to the backlash, FaceApp has said that most images are deleted from its servers within 48 hours and that 99% of its users do not log in or create an account, thus removing most of the concern around matching a face to a name.

So the good news is, if you were one of the 80 million users who joined in the “FaceApp Challenge,” your privacy is generally safe (aside from the aged photo) and you don’t have to worry about your selfies, dog photos or screenshots of funny memes being released to the public at large. 

Why do we care so much about your personal and medical practice’s online security?

As a healthcare marketing firm, we preach security measures to our clients, colleagues and at worldwide conferences on a regular basis. We’ve gone so far as to pioneer additional HIPAA compliance programs with some of the vendors we use in our day-to-day work. We hold business associate agreements (BAAs) with each of our clients that hold us to the same high standards of safeguarding potential protected health information (PHI) we may access through our clients’ web forms or social media accounts. We also have purchased a very large insurance policy against privacy breaches that we fully intend to never use.

Why doctors and medical professionals should be extra cautious

If you are one of the many doctors or medical providers who use your phone to communicate with patients, access appointment schedules or review important health information, you should be extra cautious about what apps and programs you download to your phone. The possibility that your phone has or will access PHI is higher, and therefore so is the risk that an overreaching app with questionable security could be accessing and distributing more than just your own personal information.

6 things you should do before downloading any app

Upon seeing all of the concern and media attention around FaceApp’s terms of use, we felt it necessary to educate people about what they can do to help protect against a rogue app. While we can put some trust in the vetting processes Apple and Google require of all apps, ultimately, security and privacy are the responsibility of each individual user.

  1. Think twice before downloading. A bit of skepticism is healthy.
  2. Do a quick Google search to see if the app is legitimate or if there are any public concerns about the app.
  3. Read the user reviews in the App Store or Google Play.
  4. Determine which phone features the app needs permission to use (e.g., camera roll, location, Bluetooth). In your phone settings you can view all downloaded apps and choose which permissions to allow or disallow.
  5. Read the full terms and conditions before downloading an app.
  6. Keep your smartphone operating system up to date. Apple’s iOS 13 (releasing in Fall 2019) will alert users when apps collect location data or use Bluetooth.

If you follow the above steps, you can feel confident that you’ve done your due diligence when it comes to your app security. Feel free to participate in good ol’ fashioned online fun with Snapchat filters, Pokemon hunting and crushing candy, but if an app seems to be asking for too much personal information or just seems a bit fishy, trust your gut and delete it.
