FaceApp: What our security report shows

By The Pradeo Lab on July 25, 2019

FaceApp is currently under heavy scrutiny in the press. Many articles and some American politicians claim that the Russian mobile application collects and exfiltrates its users’ personal data, without specifying which data. Real threat or fake news? The FaceApp security analysis performed by the Pradeo Security engine clarifies things. Here is part of it.


App ID

Name: FaceApp

Package: io.faceapp



Personal data processed by FaceApp

Pictures taken via the camera in the app -> Sent to FaceApp servers

Pictures selected in the gallery -> Sent to FaceApp servers

Gallery -> Used locally, not sent to the network


Device data processed by FaceApp

Device identifier -> Sent to Google-owned analytics servers

OS Version -> Sent to Google-owned analytics servers

Device manufacturer -> Sent to Google-owned analytics servers

Device name and model -> Sent to Google-owned analytics servers



The application doesn’t embed any code vulnerabilities.

To conclude, pictures are the only sensitive data processed by FaceApp. The application does send the selected pictures to its servers but, contrary to some claims posted on social media, it doesn’t leak the gallery and therefore doesn’t exceed its permissions.

When it comes to telling real threats from false alerts, accuracy is key. Pradeo provides companies with solutions to access applications’ security reports and see in a few seconds whether they represent a real threat or not.

To learn more about Pradeo Security global application database and mobile application testing solution, contact us.

