Earlier this month, FaceApp was everywhere, sparking an important debate about data privacy. How much control do we really have over how popular apps handle our data?
FaceApp allows users to transform their selfies by age or gender, with impressively uncanny results. If you’re on any kind of social media, you’ve probably seen a few of the resulting images. It’s not the first time FaceApp has gone viral since it launched in 2017. The first time it attracted controversy over its ethinicity-altering features. This time, however, it’s all about how it uses data.
Critics were quick to point out that the T&Cs allowed FaceApp access to all the photos on your device, and there were rumours of them being used in Russia for malicious purposes. The good news is that it’s probably OK. FaceApp’s developers are registered in Russia, but there’s not much evidence to suggest anything untoward is happening. Despite what was first reported, FaceApp only harvests the photos users are in the process of editing. Data, in most cases, is stored on servers in the US, not Russia.
Yes, Wireless Labs have access to some of your data, but, if you’re on social media already, there’s a good chance your image is already available in several places you don’t know about.
However, this isn’t all good news. It raises serious questions about the permissions we all regularly agree to – which could be used for bad as well as convenience or fun. And, for small businesses where staff bring in their own devices, or use work systems for personal tasks, do apps open the door to data breaches that could go far further than personal data theft?
Device control is essential. Any mobile app – hacked or straightforwardly nefarious – can use the permissions you give it to access and steal your data. There’s also the risk of mobile malware, aimed particularly at Android devices. Rogue apps that harvest data were recently found in the Google Play store.
The danger is, if a malicious app was to be used on a business smartphone or tablet – or a device your staff bring in from home but use to access your systems – it could potentially lead to a catastrophic data breach.
We’d recommend remote monitoring and placing controls on what devices on your network can access and download. There are various ways to do this, including Microsoft Intune – a device management tool that comes with some Microsoft Enterprise systems. A good rule of thumb is to only allow the least amount of access a user needs to do their job, and no more.
While FaceApp might have turned out to be largely harmless, malicious apps are on the rise. As users are more attracted to the features (and their viral appeal), the less we all pay attention to the small print, or take the time to look into who or what we are giving away in return. There’s no such thing as a free lunch, after all.
We’re trusted cyber security providers to small businesses in London, helping them to stay on top of device and access management to protect their networks. Contact us to find out more about how we can help boost your resilience.