FaceApp. So. The app has gone viral again after doing so two years ago or so. The effect has improved, but these apps, like many other disposable viral applications, tend to come and go in waves driven by influencer networks or paid promotion. We first covered this special AI photo editor from a team of Russian developers two years ago.
It has gone viral again because of some features that make it possible to edit the face to make it grow older or younger. You can remember at one point it had a problem because it enabled what constituted digital blackface by changing a person from one ethnicity to another.
In this current wave of virality, some new questions about FaceApp fluctuate. The first is whether it uploads the camera roll in the background. We found no evidence of this nor did the security researcher and Guardian App CEO Will Strafach or researcher Baptiste Robert .
The other is how it allows you to select images without giving picture access to the app. You can watch a video of this behavior here:
Although the app actually lets you select a single image without giving it access to the photo library, this is actually 100% allowed by an Apple API introduced in iOS 11 . It allows a developer to let a user select a single image from a system dialog to let the app work. You can see the documentation here and here.
Because the user has to tap one image, this gives something Apple keeps loved: the purpose of the user. You've clearly tapped it, so it's okay to send one picture. This behavior is actually a net good in my opinion. It lets you give an app one photo instead of your entire library. It can't see any of your photos before you press one. This is far better than committing the entire library to a jokey meme app.
Unfortunately, there is still a cognitive dissonance here, because Apple allows an app to call this API even though a user has set Settings for photo access to Never in settings. In my opinion, if you have set it to Never, you need to change it before an image can enter the app from your library, whatever the inconvenience it causes. Never is a standard, it is an explicit choice, and the permanent user intensity overrides the ultimate user's purpose for the new photo selector.
I think Apple should find a way to fix this in the future by making it clearer or unclear whether people have explicitly chosen to share photos in an app.
A good idea: the same as the "just once" option added to the upcoming iOS 13 may be appropriate.
One thing that FaceApp does, however, is that it uploads the image to the cloud for processing. It does not process on a device that Apple's first-party app does, enabling third parties through its ML libraries and routines. This is not made clear to the user.
I have asked FaceApp why they do not alert the user that the image has been processed in the cloud. I also asked them to keep the pictures.
Given how many screens people take of sensitive information like bank and what not, image access is a greater security risk than ever these days. With a scraper and optical character recognition technology, you can automatically look up a large amount of information path beyond "images of people."
So in general, I think it's important that we carefully consider the protections that have been put in place to protect the image archives and the motives and methods of the apps we provide.