Critics have raised questions about the app's access to users' data, with one calling the terms of service agreement a "DOOZY"
FaceApp, a popular app first introduced in 2017, has gone viral again, with countless users distorting their faces with its artificial intelligence technology.
Russian startup Wireless Lab’s creation has experienced resurfaced popularity thanks to the new FaceApp Challenge, which finds celebrities and fans sharing their digitally aged faces with their followers on social media. Everyone from the Jonas Brothers, Drake, the Queer Eye cast and Joanna Gaines have posted the shocking transformations.
But FaceApp’s second coming is also bringing up many questions about user security, with some experts warning about the dangers of allowing the app to have access to your data.
A major concern many have brought up: the content-usage rights users sign away to the developers when they agree to the app’s terms and conditions.
Digitas strategist James Whatley shared the fine print on Twitter, calling the terms of service agreement a “DOOZY.”
“You grant FaceApp a perpetual, irrevocable, nonexclusive royalty-free, worldwide, fully-paid, transferable sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you,” the agreement states, in part.
Privacy expert David Vaile, the chair of Australian Privacy Foundation, told the Australian Broadcasting Corporation that “they ask for way more rights than they need” and “it is impossible to tell” what is done with the uploaded content.
However, in a statement to PEOPLE, Yaroslav Goncharov, founder of the app, says that the company does not “sell or share any user data with any third parties.”
“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation,” he says. “Most images are deleted from our servers within 48 hours from the upload date.”
In addition to this, FaceApp does not have access to data that could identify a person, because all of its features are available without having to log in, and 99% of users don’t log in to the app, Goncharov says.
RELATED VIDEO: Teen Suing Apple for $1 Billion Because He Says Facial Recognition Software Led to False Arrest
He also addresses the questions that users have about the app’s access to their photo library, after one user wrote on Twitter that the app immediately uploads user-selected photos from a user’s phone to its database without asking the user for permission. (The tweet has since been deleted.)
“FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing,” Goncharov said in the statement, claiming that the app would only have access to photos selected by the user. “We never transfer any other images from the phone to the cloud.”
The data users upload to the app is reportedly not transferred to a server in Russia, though the app’s core team is located there. A security researcher confirmed to Forbes that the server was actually located in the U.S. and Australia.
If still wary, Goncharov says users can request to have all of their data removed from the app’s servers at any time.