Security concerns rise as FaceApp, 'aged' photos gain popularity

People are flooding social media with pictures of older versions of themselves, leading many -- including the Democratic National Committee -- to question whether photo-filter app FaceApp poses a danger to users' privacy.

FaceApp allows users to upload a picture of someone and put it through various filters that can make the subject look older or younger, swap genders and other effects. The app has been around since 2017, but it's gone viral this week after celebrities began sharing old age-filtered pictures of themselves.

Celebrities who have taken part in the "FaceApp challenge" include singer Carrie Underwood, musical group the Jonas Brothers and comedian Kevin Hart.

>> Read more trending news

Celebrities who have taken part in the "FaceApp challenge" include singer Carrie Underwood, musical group the Jonas Brothers and comedian Kevin Hart.

But the app's sudden surge in popularity has raised questions about whether it can be trusted with users' data.

Rumors have circulated that developers in Russia, where the app is based, are taking users' photos.

Concerns are so pervasive that Wednesday afternoon, the DNC sent a security alert to 2020 presidential campaigns warning "campaign staff and anyone in the Democratic ecosystem" to steer clear of the app, CNN reported.

"This app allows users to perform different transformations on photos of people, such as aging the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians," wrote Bob Lord, the DNC's chief security officer.

The DNC and democratic campaigns were attacked by Russian hackers in 2016, according to CNN.

"It's not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks," Lord said.

App maker and tech author Joshua Nozzi tweeted a warning to FaceApp users, saying, in part, "It immediately uploads your photos without asking, whether you chose one or not." The tweet has since been deleted.

However, engineer Jason Modisett replied, saying, "It’s not - I just installed & sniffed its network packets and nothing unusual is happening. Some firebase remote config stuff, Twitter api. It definitely loaded the pictures slowly but it’s not uploading them anywhere."

So, what's the truth?

FaceApp's privacy policy is described by tech blog 9 to 5 Mac as "inherently vague." The policy says the app collects user content such as "photos and other materials that you post through" through FaceApp.

FaceApp issued a statement Wednesday addressing many of these concerns. Regarding Nozzi's tweet and allegations that the app uploads a user's whole photo roll, FaceApp said: "We don't do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet."

This appears to be supported by a third party. Security researcher Baptiste Robert, who goes by Elliot Alderson, downloaded the app and checked where it was sending users' pictures, Forbes reported. Robert found that the app only took the submitted photos -- the ones users choose to be transformed -- to a company server.

The server is based in the United States, not Russia, as had been rumored, according to Forbes. FaceApp also addressed this concern in the statement.

"Even though the core R&D team is located in Russia, the user data is not transferred to Russia," the statement said.

Users concerned about the app having permission to access any photos should look at each app on their phone and what permissions each app has, Forbes reported. Users can change permissions or delete the app.

The entire statement from FaceApp can be read here.