FaceApp: It Won't Age Well

I’m not sure what’s with all the excitement around this FaceApp challenge, but it must be something to do with my middle age. My favorite basketball players and movie actors are posting old-age pictures of themselves onto Twitter and Instagram, and it just makes me feel that much older!

Judging by how many people have downloaded FaceApp from the iOS App Store, it certainly doesn’t look like just a passing fancy. The app has been around since 2017, and because of this latest viral fad, several curious users have raised a red flag because FaceApp’s developer is from Russia and the privacy agreement is a little sketchy.

How it works: you take a selfie of yourself or someone you love (or hate) and apply an age filter that uses artificial intelligence magic and voilà, you have a picture of yourself or significant other that you can never unsee! The app asks for permission to access your camera for obvious reasons, but granting it means you are potentially sharing the existing camera roll and videos on your phone or tablet, as well as the endless selfies you will take as you get older. These personal artifacts can then be uploaded to cloud storage, and you have no way of knowing how they will be safeguarded from abuse or bad actors on the web.

Recently, the app has been updated and the author has responded to the privacy concerns, acknowledging that the morphing engine, which uses your facial data to make you look virtually more beautiful or to advance or defy your age, runs in the cloud. The app uploads the entire camera roll to the cloud, and this data is potentially stored for a short unspecified period. Pretty sneaky.

Senator Chuck Schumer, Democrat from New York, has asked the FBI and FTC to investigate the app, and the DNC has warned 2020 candidates not to use FaceApp.

To each their own, but there is enough information to make a well-informed decision. Don’t allow this “leaky app” onto a managed mobile device, where personal and work data could be lost. Now I sound like my parents! Enable MobileIron UEM, MTD, and Access just in case, though.

MTD provides on-device detection and remediation, and adds a security layer with cloud-based threat intelligence for suspicious or out-of-compliance apps that exhibit certain characteristics and behaviors, such as “record screenshots of user's interactions within the app”, “video record”, “camera roll read”, or “camera roll write”. You can also apply specific compliance actions like notify, monitor, block, quarantine, or completely retire the device from UEM.

Besides, do you really want a picture of your old self floating around the ether? I can tell you, it won’t age well. See below for a demo of how MobileIron Threat Defense detected and remediated the “leaky” FaceApp in this short video:


James Saturnio

Senior Lead Technical Market Adviser at MobileIron

About the author

James Saturnio is a Senior Lead Technical Market Adviser at MobileIron. He immerses himself in all things cybersecurity and has over 25 years’ experience in this field. He has been with MobileIron for over 6 years, and previously worked at Cisco Systems for 19 years. While at Cisco, he worked as a TAC Engineer, and then as a Technical Leader for the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.