Zimperium's Mobile Security Blog

You May Want to Hold off on Saying “Cheese” for FaceApp

The latest security and privacy hysteria involving apps is “FaceApp”, which may or may not upload all of your photos to a server owned by a Russian company.

The app, which ages you (and who doesn’t want to be aged?), is all the rage. My son, who is at summer camp, sent me pictures of him and his sister aged 70 or older.

Me. Not a fan, but that’s a different story.

The security and privacy concerns surrounding FaceApp started when a developer’s tweet went viral:

This has spurred major media attention: Forbes, New York Post, Good Morning America, TechCrunch, etc.

Regardless of whether the buzz around FaceApp is valid, what’s clear from our standpoint is why knowing the risks these apps present is so essential to organizations (and their employees).

You probably want to know immediately if an app can gain access to all of your photos (not just personal, but also business pictures of the top secret whiteboard session that has your company’s strategy on it) and not have to wait for articles to run about it.

Only Zimperium provides this. As part of Zimperium’s drive to enforce strong mobile security, our z3A Advanced App Analysis continually evaluates mobile app risk across company employees and their devices.

It provides intelligent insight into your employees’ apps. You can see which apps in use are safe or risky, and you can set security policies to reduce that risk. For each risky mobile app identified, we provide deep intelligence, including contextual analysis, as well as privacy and security ratings.

You can know in real time what each and every app is doing, including:

  • Content: the app code itself
  • Intent: the app’s behavior
  • Context: the domains, certificates, shared code, network communications.

We did an advanced app analysis with z3A and found the issues regarding uploading all the photos. We also found the coding itself to be highly obfuscated. Could be because the developers want to protect IP. Could be for other reasons. Either way, I told my son to delete the app. I’d prefer for him and his sister to age gracefully.