FaceApp sparks a frenzied witch hunt, but concerns around facial recognition valid

The vastly popular Russia-born FaceApp has the internet in a tizzy. The US, quick to sniff out a Russian conspiracy, is crying wolf over privacy concerns. It does have a point, though.

iStock-913641954.jpg

Chances are you’ve already checked out the older version of yourself on the latest sensation, FaceApp, or at least heard about it, unless you’ve been living in a cave. 

While its creator Wireless Lab has come clean on data privacy concerns, American lawmakers are screaming bloody murder over Russians stealing data. However, an immensely popular company in its own backyard has been doing exactly that for quite some time now – Facebook.

The social media giant, through a VPN, had been tracking user activity till the Federal Trade Commission pulled up FB and imposed a USD 5 billion fine.

Although FaceApp has been created in Russia, it uses AWS’ compute prowess to process the Methuselahn filter used for image modification. It also seeks the user’s permission to share the image, which the company claims, is deleted within 48 hours.

While it does feel good shaking your fist at billion-dollar behemoths, the problem lies in users giving consent to sharing personal information. A Kaspersky report revealed that 63 percent of users do not bother reading license agreements and 43 percent merrily tick all privacy permissions when they are installing new apps.

Why FaceApp poses a threat to devices using facial recognition

Agreed, a lot of the furore stems from the US’ deep-rooted mistrust of anything coming from Russia, the propensity of images being used to bypass facial recognition-based security is a real and imminent threat.

Alvin Rodrigues, Senior Director & Security Strategist at Forcepoint explains that your face is your personal copyright. So apps like these lead to users relinquishing their ability to use their faces as passwords to access mobile devices – and a face is something that cannot change, it’s permanent.

“Secondly, the photographs being uploaded to the cloud are at risk of being targeted by hackers who may use them for running facial identification to compromise individuals and companies,” he adds.

Hold up. There's more bad news

As if privacy concerns were not enough, a fake FaceApp version that infects users’ devices with the MobiDash adware module has been discovered by Kaspersky Labs.

The modus operandi of the shady app begins with a failure simulation on the device. Once removed, a malicious module in the application rests discreetly on the user’s device, displaying unsolicited ads.

The finding reveals that around 500 users encountered the problem since Wednesday. Around 800 different module modifications have been identified so far.
 

Analysis

FaceApp sparks a frenzied witch hunt, but concerns around facial recognition valid

The vastly popular Russia-born FaceApp has the internet in a tizzy. The US, quick to sniff out a Russian conspiracy, is crying wolf over privacy concerns. It does have a point, though.

iStock-913641954.jpg

Chances are you’ve already checked out the older version of yourself on the latest sensation, FaceApp, or at least heard about it, unless you’ve been living in a cave. 

While its creator Wireless Lab has come clean on data privacy concerns, American lawmakers are screaming bloody murder over Russians stealing data. However, an immensely popular company in its own backyard has been doing exactly that for quite some time now – Facebook.

The social media giant, through a VPN, had been tracking user activity till the Federal Trade Commission pulled up FB and imposed a USD 5 billion fine.

Although FaceApp has been created in Russia, it uses AWS’ compute prowess to process the Methuselahn filter used for image modification. It also seeks the user’s permission to share the image, which the company claims, is deleted within 48 hours.

While it does feel good shaking your fist at billion-dollar behemoths, the problem lies in users giving consent to sharing personal information. A Kaspersky report revealed that 63 percent of users do not bother reading license agreements and 43 percent merrily tick all privacy permissions when they are installing new apps.

Why FaceApp poses a threat to devices using facial recognition

Agreed, a lot of the furore stems from the US’ deep-rooted mistrust of anything coming from Russia, the propensity of images being used to bypass facial recognition-based security is a real and imminent threat.

Alvin Rodrigues, Senior Director & Security Strategist at Forcepoint explains that your face is your personal copyright. So apps like these lead to users relinquishing their ability to use their faces as passwords to access mobile devices – and a face is something that cannot change, it’s permanent.

“Secondly, the photographs being uploaded to the cloud are at risk of being targeted by hackers who may use them for running facial identification to compromise individuals and companies,” he adds.

Hold up. There's more bad news

As if privacy concerns were not enough, a fake FaceApp version that infects users’ devices with the MobiDash adware module has been discovered by Kaspersky Labs.

The modus operandi of the shady app begins with a failure simulation on the device. Once removed, a malicious module in the application rests discreetly on the user’s device, displaying unsolicited ads.

The finding reveals that around 500 users encountered the problem since Wednesday. Around 800 different module modifications have been identified so far.