NBI warns netizens the potential privacy risks of using FaceApp - The Daily Sentry


NBI warns netizens the potential privacy risks of using FaceApp



Photos courtesy of Philstar and Manila Bulletin


The National Bureau of Investigation (NBI) has warned the public against the use of the popular mobile application called FaceApp.


The FaceApp even became popular among local and international celebrities, which provides an almost realistic gender transformation of faces.



However, the NBI Cybercrime Division chief Victor Lorenzo said the FaceApp may have the potential to access the user's information, including location and sensitive photos.


Lorenzo further explained that the app asks users for permission to access photos and videos in their phone and can even access other vital information.. 


This can cause a possible risk of sensitive materials being accessed and used by unscrupulous individuals, Lorenzo said.


"Danger dun ay kapag may sensitive photos ka, may access na sila don. Kapag naka-enable ang GPS mo, makukuha nila locations mo. Kung business may purpose, laging may purpose yan," Lorenzana told the media.


"Pwede nila gamitin for advertising. Pwede rin sa espionage. Halimbawa may targeted politician o individual ka, pwedeng pag-aralan ang movement nila.” he explained.


Be that as it may, the NBI cybercrime chief, is not telling the public not to use the app, but urged them to be extra careful and read the manuals before using any mobile applications.


"Ang sinasabi lang namin is kung saka-sakaling gusto mong mag-download ng apps, nakalagay doon, 'will you allow this app to access your photos, videos...' Pag-isipan mo muna, 'meron ba akong sensitive materials... sa cellphone ko,'" he said.


"Pag sinabi mong wala, pangalawa basahin mo 'yung fine print, pag komportable ka doon sa terms and conditions nila, i-download mo, gamitin mo... Hindi 'yung masyado tayong excited, hindi na natin alam, [na] hindi pala tayo comfortable doon sa terms and conditions," he added. 


And even uninstalling the application does not mean the user is safe from its dangers, Lorenzo further said.


“May analytics at ang artificial intelligence ngayon napaka-advance na. Kapag inuninstall mo, mawawala yung access nila, pero lahat ng photos mo andun na yon lahat ng photos makukuha," he added.


So far, the NBI has not received any complaints pertaining to the application, but NBI Cybercrime chief advised users to be wise when using such applications.



Meanwhile, Cybersecurity experts also forewarned against the risks of using the image manipulation app, which has become viral over the past week because of a feature allowing users to change the gender of a person in a picture.


“While the idea of having an app that gender swaps humans in pictures does sound interesting and fun, it comes with several risks and dangers,” the Computer Professionals’ Union (CPU) said in a statement.


“By using this application, we grant FaceApp (and whoever they give access to their database) freedom to access our personal digital likeness and permission to use it for their purposes,” they added.


The CPU pointed out a provision in the terms and conditions of the mobile application that gives the maker a non-exclusive, royalty-free and fully-paid license to use content created by users.


On the other hand, the free access to the app is intended solely to provide services to the users, the CPU  mentioned a provision stating that FaceApp “do not control, endorse or take responsibility for any user content or third-party content available on or linked to by our services.”


CPU further said that these might include “unscrupulous individuals or parties that seek to use a person’s digital likeness for nefarious purposes, from black propaganda to identity theft.”


“We need to be cautious of the digital footprints and personal information that we provide various social media platforms and other types of services online. This applies not only to FaceApp, but also to other third party apps that mine our information,” said the organization.


“We must realize that giving the people and organizations behind them permission to gather and use our personal information means that we do pay for their services – not in cash but at the cost of our attention, privacy and security,” it added.


It noted recent concerns over the proliferation of fake accounts on Facebook, which it said could benefit from FaceApp data.


“With the advent of the Anti-Terrorism bill possibly becoming law, there is danger that these doppelgänger accounts, coupled with realistic likeness of the persons they’re impersonating, could maliciously act in violation of the provisions of said law, thereby framing the actual person,” CPU added.


Another advice from cybercrime experts, Cyber Security Philippines, a non-profit computer security incident response team, also warned netizens against data mining and extraction of facial biometrics, noting that it can be used for identity theft, fraud, demolition, extortion or defamation.


Last year in the United States, US Senate Minority Leader Chuck Schumer urged the Federal Bureau of Investigation and the Federal Trade Commission to monitor FaceApp over possible national security and privacy risks.


At that point, FaceApp had gained popularity worldwide over a feature allowing users to change their image to look older or younger.


Schumer explained the level of access identified in the application’s terms of use and privacy notice may result in the photos being used in the future without the users’ consent.


“I have serious concerns regarding both the protection of the data that is being aggregated, as well as whether users are aware of who may have access to it,” he wrote.



FaceApp thumbnail | Kirill Kudryavtsev | AFP


“In particular, FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments,” he added.


FaceApp, has sent out a statement to various tech websites at the time, and clarified that it does not “sell or share any user data with any third parties” and that user data is not transferred to Russia even if their core research and development team is based there.



“FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud,” the company said.


“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date,” it added.



Another FaceApp thumbnail | Photo from Forbes


FaceApp said they also accept requests from users to remove their data, recommending that users send these requests using the mobile application.