Tech’s CEROC sizes up FaceApp

While FaceApp may be receiving renewed attention in the press, the app is not doing anything that many other apps are also doing. It is important for the public to remember that there is no “free lunch” or “free apps”.

COOKEVILLE – FaceApp is in the news again. First appearing in early 2017, the app uses neural network artificial intelligence to take uploaded images of faces and apply various filters such as facial expressions or even altering your age. These photos are uploaded to the company’s AWS servers for processing. The company has stated that the photos must reside on the server for a period of time due the computational overhead of the photo processing. The company has also stated that the photos are deleted at a later time. The company provides for a means of requesting that all user data be deleted from their servers through the support section of the app.

The app is a product of Wireless Labs, led by CEO Yaroslav Goncharov, which is based in Russia.  While some security analysts have said they have not seen any strange information transfers to servers other than those based in Silicon Valley, the company’s terms of service clearly state that information can be transferred to any of their processing locations, including Russia. Given the current sensitivity of anything related to information transfer and the Russian Federation, new concerns have surfaced about how, what, and by whom retained information could be used. Legal analysts agree that the terms of use and privacy policy of the app are not GDPR compliant.

Per FaceApp’s Terms of Use, “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your user content and any name, username or likeness provided in connection with your user content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share user content on or through our Services, you understand that your user content and any associated information (such as your [username], location or profile photo) will be visible to the public.” – (

While FaceApp may be receiving renewed attention in the press, the app is not doing anything that many other apps aren’t also doing. It is important for the public to remember that there is no “free lunch” or “free apps.” Consumers will pay for access to apps and related services with their money, time, and/or their data. The question for the consumer is always “How much personal information am I willing to submit to use this service?”

So what can consumers do to be safe in their app/website usage? The National Cyber Awareness System provides some guidance in Security Tip (ST19-003) at Among the document’s recommendations:

– Only download apps from official app stores for your mobile device platform.

– Read and understand the privacy policy before downloading an app or using an online service.

– Review the permissions which app requests on your device paying special attention to access to your contact list, camera, storage, location and microphone.

– Limit location permissions for the app. 

– Delete apps that you no longer need.

– Use caution when signing into apps with social network accounts as they often will want access to your social presence information.

 As in all facets of our personal and professional lives, a bit of common sense and caution can yield a great deal of productivity and safety.

CEROC:  Cybersecurity Education, Research and Outreach Center at Tennessee Tech University, established under the direction of Dr. Ambareen Siraj, is a center of excellence in the College of Engineering focused on K-20 cybersecurity education programs; research in emerging cybersecurity topics; and outreach programs to stakeholders in academia, government and industry.  CEROC is an NSA-accredited Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and host of the first and largest CyberCorps SFS program in the State of Tennessee.  CEROC, via Dr. Siraj’s work, is also the founding group for the Women in Cybersecurity Conference, the largest conference of its type focusing on enhancing diversity within the cybersecurity workforce.  More information about CEROC and its programs can be found at or by sending an email to

This site uses Akismet to reduce spam. Learn how your comment data is processed.