23 August 2019

Cyber threats to worsen with AI, IoT and other tech advances: Israeli expert

Gulveen Aulakh

New Delhi: Recently, you would have seen people around you wanting to see what they look like 30 years from now. Heck, you would be one of them, the people who have used the app which uses artificial intelligence (AI) to do the trick, making Face-App the No 1, or the most downloaded app in India, and the world.

The popularity of FaceApp features — that include making one appear older or younger in a picture, add a smile to your face, trying on different hair styles and even changing ones gender — has made it a viral phenomenon over the past two weeks or so, even though the app has been available for the past two years.“As of July 27, FaceApp ranked #1 by overall iPhone downloads in 154 countries, of which India is one,” said a spokesperson from App Annie, a San Fransicso-based mobile data and analytics firm.

“Global interest in FaceApp picked up in mid-July, which was mirrored in India. Year-to-date (July 27, 2019), Face-App has been downloaded over 90 million times globally across iOS and Google Play stores combined, with a bulk of the downloads coming in July,” he said, adding that India accounted for 10 million downloads, with òver 8 million coming in July so far.

Analysts and cyber security experts though warn of potential risks to user privacy and national security since personal data of millions of people could be vulnerable to threats of misuse later on. A clear red flag is a clause in the terms and conditions of FaceApp which says users give Face-App “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable licence” to use photos they upload.


"Three critical privacy issues with FaceApp are related to its permissions needed to access entire photo library, the fact that photos and other data is uploaded to servers in Russia, and the click through privacy agreement that grants FaceApp the royalty free and irrevocable rights to user data,” said Amit Jaju, senior managing director at FTI Consulting, an NYSE-listed consulting firm based in the US, specialising in forensic technology. He said the data can be easily misused for 3D face printing and bypassing all kinds of biometric face authentication and also misused with techniques such as deepFake to create fake videos.

“The government should enforce data to be stored in India. And delete all source data immediately once the processing is over," Jaju said. The Indian government is considering barring army personnel from using it, on the grounds that the app requires access to all images, files and photos on one’s phone, which may pose a security risk.

No comments: