As scary that may sound, fret not. Several security researchers point out that the app is not collecting seemingly aged looks and sending them back to Russia for some dastardly or scary cloning project. For a start, a French researcher found that the FaceApp only took photos you want to be transformed, and sent them to the company’s servers. The rub of FaceApp’s face altering technology lies in how the app could simply process the image on your device, rather than actually perform the action on an outside server. A point that one researcher says that “many folks are not cool with that”. There’s also the issue over how FaceApp requiring the permission to access any photos on a user’s phone. But to be fair, so do the majority of apps on both iOS and Android devices. Further, because FaceApp’s privacy policy is GDPR compliant, the company reserves the right to transfer data obtained from the app to any location where it has a facility.
— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019 In response to security fears, FaceApp’s founder, Yaroslav Goncahrov, said that the user data obtained from the photos do not get transferred to Russia. He says that his company only uploads a photo “selected by a user for editing” and that they “never transfer any other images from the phone to the cloud”. He also allayed fears, saying that most of the images in the company’s servers are deleted within 48 hours from the upload date. (Source: Forbes, The Verge, TechCrunch)