December 8, 2019 News Magazine

AI photo editor FaceApp goes viral again on iOS, raises questions about photo library access

FaceApp. So. The app has gone viral again after first doing so two years ago or so. The effect has gotten better but these apps, like many other one off viral apps, tend to come and go in waves driven by influencer networks or paid promotion. We first covered this particular AI photo editor  from a team of Russian developers about two years ago.

It has gone viral again now due to some features that allow you to edit a person’s face to make it appear older or younger. You may remember at one point it had an issue because it enabled what amounted to digital blackface by changing a person from one ethnicity to another.

In this current wave of virality, some new rumors are floating about FaceApp. The first is that it uploads your camera roll in the background. We found no evidence of this and neither did security researcher and Guardian App CEO Will Strafach or researcher Baptiste Robert.

The second is that it somehow allows you to pick photos without giving photo access to the app. You can see a video of this behavior here:

While the app does indeed let you pick a single photo without giving it access to your photo library, this is actually 100% allowed by an Apple API introduced in iOS 11. It allows a developer to let a user pick one single photo from a system dialog to let the app work on. You can view documentation here and here.

IMG 54E064B28241 1

Because the user has to tap on one photo, this provides something Apple holds dear: user intent. You have explicitly tapped it, so it’s ok to send that one photo. This behavior is actually a net good in my opinion. It allows you to give an app one photo instead of your entire library. It can’t see any of your photos until you tap one. This is far better than committing your entire library to a jokey meme app.

Unfortunately, there is still some cognitive dissonance here, because Apple allows an app to call this API even if a user has set the Photo Access setting to Never in settings. In my opinion, if you have it set to Never, you should have to change that before any photo can enter the app from your library, no matter what inconvenience that causes. Never is not a default, it is an explicit choice and that permanent user intent overrules the one-off user intent of the new photo picker.

I believe that Apple should find a way to rectify this in the future by making it more clear or disallowing if people have explicitly opted out of sharing photos in an app.

IMG 0475

One good idea might be the equivalent of the ‘only once’ location option added to the upcoming iOS 13 might be appropriate.

One thing that FaceApp does do, however, is it uploads your photo to the cloud for processing. It does not do on-device processing like Apple’s first party app does and like it enables for third parties through its ML libraries and routines. This is not made clear to the user.

I have asked FaceApp why they don’t alert the user that the photo is processed in the cloud. I’ve also asked them whether they retain the photos.

Given how many screenshots people take of sensitive information like banking and whatnot, photo access is a bigger security risk than ever these days. With a scraper and optical character recognition tech you could automatically turn up a huge amount of info way beyond ‘photos of people’.

So, overall, I think it is important that we think carefully about the safeguards put in place to protect photo archives and the motives and methods of the apps we give access to.


Source: TechCrunch

Tags: in Uncategorized
Banner
Related Posts

Tesla starts rolling out Chess to ‘Tesla Arcade’ in-car gaming app

July 26, 2019

July 26, 2019

Tesla is making a new game available to its vehicle owners, with a roll-out starting today. The company started pushing...

Ford-owned Spin is bringing a tougher electric scooter to dozens of cities

July 25, 2019

July 25, 2019

Spin, the electric scooter company acquired by a Ford subsidiary for around $100 million, is launching a new electric scooter...

The Vivaldi browser lands on Android

September 9, 2019

September 9, 2019

Vivaldi has long billed itself as a browser for advanced users who want to be able to customize their browser...

Verified Expert Lawyer: Sophie Alcorn

July 3, 2019

July 3, 2019

Sophie Alcorn founded her own immigration-focused boutique law firm a few years ago, that has quickly become a go-to resource...

Mozilla launches the next phase of its Firefox Private Network VPN beta

December 3, 2019

December 3, 2019

Mozilla today announced that its Firefox Private Network (FPN), which lets you encrypt your Firefox connections, is now in an...

DoorDash double downs on controversial pay model

June 27, 2019

June 27, 2019

There’s seemingly no end in sight for DoorDash’s compensation model where it subsidizes driver wages with customer tips. The mildly...

Group dating app 3fun exposed sensitive data on 1.5 million users

August 8, 2019

August 8, 2019

More than 1.5 million users of a group dating service had their personal data exposed — including their real-time location...

Iguazio brings its data science platform to Azure and Azure Stack

May 8, 2019

May 8, 2019

Iguazio, an end-to-end platform that allows data scientists to take machine learning models from data ingestion to training, testing and...

The Samsung Galaxy Fold is headed to Canada, with in-store pre-orders starting today

November 28, 2019

November 28, 2019

The Samsung Galaxy Fold is a very unique smartphone, in more ways than one. The most obvious differentiator is that...

Startups Weekly: Will Trump ruin the unicorn IPOs of our dreams?

January 12, 2019

January 12, 2019

The government shutdown entered its 21st day on Friday, upping concerns of potentially long-lasting impacts on the U.S. stock market....

Arm announces its new premium CPU and GPU designs

May 27, 2019

May 27, 2019

Arm, the company that designs the basic chip architecture for most of the world’s smartphones, today announced the launch of...

Logitech’s MX Master 3 mouse and MX Keys keyboard should be your setup of choice

October 17, 2019

October 17, 2019

Logitech recently introduced a new mouse and keyboard, the MX Master 3 ($99.99) and MX Keys ($99.99) respectively. Both devices...

Holberton opens its software engineering school in Medellin

June 10, 2019

June 10, 2019

Holberton School, which sees itself as a college alternative for budding software engineers, today announced that it has opened a...

Wearable spending forecasted to increase 27% in 2020

October 30, 2019

October 30, 2019

New numbers from Gartner mark another major increase for global wearable spending in 2020. The analyst firm forecasts a 27%...

Microsoft aims to modernize and secure voting with ElectionGuard

May 6, 2019

May 6, 2019

When it comes to voting, we’ve come a long way from dropping pebbles into an amphora, but still not nearly...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *