FaceApp, the AI-powered selfie-editing app that’s been having another viral moment of late, has now responded to a privacy controversy that we covered earlier here. We’ve pasted the company’s full statement at the bottom of this post.
The tl;dr here is that concerns had been raised that FaceApp, a Russian startup, uploads users’ photos to the cloud — without making it clear to them that processing is not going on locally on their device.
Another issue raised by FaceApp users was that the iOS app appears to be overriding settings if a user had denied access to their camera roll after people reported they could still select and upload a photo — i.e. despite the app not having permission to access their photos.
As we reported earlier, the latter is actually allowed behavior in iOS — which gives users the power to choose to block an app from full camera roll access but select individual photos to upload if they so wish.
This isn’t a conspiracy, though Apple could probably come up with a better way of describing the permission, as we suggested earlier.
On the wider matter of cloud processing of what is, after all, facial data, FaceApp confirms that most of the processing needed to power its app’s beautifying/gender-bending/age-accerating/-defying effects are done in the cloud.
Though it claims it only uploads photos users have specifically selected for editing. Security tests have also not found evidence the app uploads a user’s entire camera roll.
FaceApp goes on to specify that it “might” store the photos users have chosen to upload in the cloud for a short period, claiming this is done for “performance and traffic” — such as to make sure that a user doesn’t repeatedly upload the same photo to carry out another edit.
“Most images are deleted from our servers within 48 hours from the upload date,” it adds.
It also claims no user data is “transferred to Russia”, even though its R&D team is based there. So the suggestion is that storage and cloud processing are being performed using infrastructure-based outside Russia. (We’ve asked it to confirm where this is done. Update: Founder Yaroslav Goncharov told us it uses AWS and Google Cloud.)
“We don’t sell or share any user data with any third parties,” it adds.
FaceApp also says users can request their data is deleted. Though it doesn’t yet have a very smooth way to do this — instead it asks users to send delete requests via the mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line, adding that it’s “working on a better UI for that”.
It also points out that the vast majority of FaceApp users don’t log in — making the point that it’s not able to link photos to identities in most cases.
Here’s its statement in full:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Goncharov says the team of four full-time engineers developed FaceApp’s core tech in-house, though he confirms they are using some AI open source libraries — such as Google’s Tensorflow.
“They are relatively low level/general use libraries that can be used to build almost anything,” he says, adding: “It took us eight months to release the first version of FaceApp, thanks to our prior background in deep learning and computer vision.”
He also says they have spent nothing on marketing for FaceApp at this point, with all early growth being organic, thanks to social shares. (Morphed photos being automatically badged with ‘FaceApp’ and the app pushing social share options at users immediately after they process an image will be helping there.)
How might the team monetize the app, assuming they can keep growing usage? One option might be sponsored filters, says Goncharov. “Our upcoming effects would support it in a nice way. Before we start to implement this, we need to hit quite high numbers in terms of daily active users to use this model efficiently. However, given the app performance we see, we believe that it is a viable option.”
A lot might depend on the variety and quality of the upcoming effects — i.e. if FaceApp is to be anything more than a flash in the selfie styling pan. Adding a smile to a famously grumpy selfie is fun once, but doesn’t seem to offer lasting utility.