As social photo and video editing services such as FaceApp Opens a New Window. and TikTok gain popularity and attract millions of users, a growing number of data privacy experts and lawmakers are warning consumers to think twice before allowing apps Opens a New Window. to access everything from their sensitive information to their selfies.
Critics raised concerns about FaceApp’s data practices and its ties to Russia this week after the photo service went viral for a new feature that allowed users to post aged photos of themselves, so long as they accepted terms of service that gave the app a perpetual license to their images. The outcry mirrored criticism toward TikTok, a lip-syncing app owned by China-based ByteDance that paid a $5.7 million fine to the Federal Trade Commission earlier this year for illegally collecting data from children.
TikTok and FaceApp are just two of countless apps, including more popular services such as Snapchat and Instagram, through which users upload their photos and, as a result, their data. However, consumers should be particularly wary of apps originating from countries known for government surveillance or monitoring, such as China and Russia, which also have laws that require firms to store data in their territories.
“Even if the privacy policies are acceptable, you should also pay attention to where the data is stored and the attitude of that country towards privacy,” said Gary Davis, a consumer security expert at McAfee. “For example, some of these apps store their data in a country that does not have high privacy standards for its citizens, so users should not expect them to be any more willing to safeguard their privacy.”
A subsidiary of Russia-based startup Wireless Lab, FaceApp’s terms of service require users to grant the company a “perpetual” license to uploaded photos and provide little detail about how it makes use of user data. While the company denied transferring Opens a New Window. or storing any data in Russia, Sen. Chuck Schumer, D-N.Y., called on the FTC and FBI to investigate, noting that it “would be deeply troubling” if the Russian government could gain access to sensitive information from U.S. citizens.
“PSA: TikTok is Chinese and FaceApp is Russian. Safe to assume those governments can readily access your data if you use these apps,” Carroll wrote on Twitter.
TikTok addressed security concerns in a statement to USA Today this week, noting that it is “working with an independent, US-based internet privacy firm to audit our practices and confirm that we are employing industry-leading standards for the storage and protection of TikTok user data.”
Concerns about user data privacy and practices aren’t limited to firms located outside the country. U.S. tech companies have faced unprecedented scrutiny from lawmakers since March 2018, when Facebook acknowledged that British firm Cambridge Analytica had improperly accessed the personal data of up to 87 million users. Officials are exploring potential regulations for how companies access, user and store data.
Like FaceApp, terms of service for Facebook, Instagram and Snapchat note that by signing up for the apps, users are granting the companies a license to their content, including photos and other uploads. However, those apps offer more information about how they handle user data.
Snapchat, the photo-based messaging app that boasts a base of more than 180 million users, is “actually pretty open” about its data practices, according to William Mendez, director of Friedman CyZen, the cybersecurity advisory practice.
Mendez notes that Instagram’s policies are “not as detailed” as those of Snapchat, though they do provide some detail as to what user data is collected and how the company uses that data.