Cyber safety experts reveal TikTok is the most data-hungry app 

0
459
  • 38 out of 40 face-transforming apps ask for data that isn’t essential to the services they provide 
  • Ageing apps collect the most data, including financial and social media information 
  • TikTok collects data from every single category in this study and retains user content indefinitely 

Many of us are guilty of downloading face-transforming apps. Whether they are used to predict how much we will age in the next 20 years, or to simply touch up a selfie before posting it on social media, it is important to consider your data security.  

Cyber security experts at VPNOverview.com decided to investigate just how safe your data is in the hands of these apps. The privacy policies of the most downloaded face-transforming apps on Google Play Store and Apple App Store were studied to reveal what types of data they collect and how long they retain it for; these were spilt into five categories: ageing, gender-swap, beautifying, face-swap, and body-swap apps. Eight data types of data were identified from these privacy policies: 

Contact information – User phone contacts 

Financial information – Credit/debit card information 

Camera and photos – Access to camera and photo gallery 

Social media information – Publicly available information on linked social media accounts 

Location information – Exact user location 

User content – All content generated using the app 

Personal data – First name, surname, address, phone number 

Usage data – Interactions with the app e.g. how many times they’ve used the app and how long for  

  •  

Why do face-transforming apps need your data? 

Apps do require access to certain data so that they can provide the service advertised e.g. TikTok will require access to your camera so that you can film a video. However, many apps tend to ask for data that isn’t necessarily essential for the services they provide. In fact, of the forty apps studied, 68% collected location data from its users, whilst 40% of the apps collected user content data despite mainly being photo-editing and filter apps. TikTok, Snapchat, Oldify, Facetune and FACEinHOLE have been found to collect both of these data types. 

What do these apps do with your data? 

Ageing apps 

Ageing apps allow users to see what they would look like as an older version of themselves. These apps have been found to be the most intrusive of all five categories in the study; Oldify collects the most data out of every app studied. 

Photo-editing apps shouldn’t require more data than having access to a user’s camera and photo gallery, but Oldify’s privacy policy states that it may also disclose personal data to its parent companies and subsidiaries. In terms of photo retention, most aging apps stated that they store pictures on their servers or locally (on your phone). Some didn’t clarify how they store user-uploaded photos at all.  

Gender-swap apps 

Gender swap apps allow users to see what they would look like as the opposite gender. The most popular apps offering this service are TikTok and Snapchat both having been downloaded over one billion times.  

TikTok scored very highly on the data-tracking investigation as the app collects data across all nine categories. The app stores user content indefinitely, except for under 13-year-olds who are able to request to have all of their data deleted

Beautifying apps 

Beautifying apps can add makeup, change your hair colour or even alter face structure. Celebrities and influencers quickly discovered these apps such as FaceTune to perfect their image and brand.  

One of the most interesting findings from this study was from an app named Beauty Plus which uses facial recognition. The apps claims that this technology can’t be used to identify anyone, but it is still something to keep in mind when using the app. 

Face-swap 

Celebrity face-swap apps allow you to swap faces with your favourite celebrities and ‘become’ them. The most popular of these apps called FACEinHOLE has been found to collect location information and browsing history.  

FaceOscar doesn’t seem to have a privacy policy. This may be something to be wary of when using the app as users have no way of knowing whether their data is being collected or not.  

Body-editing apps 

Body-editing apps offer users the ‘ideal’ body shape by reshaping body parts, adding muscle or slimming down the body. Body-editing apps are at the lower end of data-hungry apps, but they still collect location data. Only one app out of eight stated that they don’t use location data.  

How can I protect my data whilst using face-transforming apps? 

Download reputable apps from official sources 

When downloading any mobile apps, make sure to do so from official sources such as Google Play Store, Apple App Store, or the company developer’s website. It is also worth checking that the app is the official version that is made by their respective companies. Some app developers will name their version very similarly to the official version, so be sure to check spellings. Another thing to consider when downloading is user reviews. Apps are unlikely to have all five-star reviews from users, so make sure to check for overwhelmingly positive reviews that may have been planted by the developer. Finally, you should check that the release date wasn’t too recent as apps that have been around for a long time are generally more stable and trustworthy.  

Keep software updated 

Keeping all software on your phone updated is a great way to improve the overall experience you have using any app. More importantly, it will keep your data more secure as apps often update to remove bugs or vulnerabilities.  

Use a VPN 

Using a virtual private network (VPN) will hide your IP address, encrypt your data traffic, bypass government censorship, and allow you to download files anonymously. VPNs are also useful in hiding your location, with the exception of apps that require access to GPS tracking. 

Limit the information on your social media 

Social media has been known to have affiliations with data insecurity issues. After the infamous Facebook-Cambridge Analytics scandal or the LinkedIn data breach, it is definitely sensible to limit the amount of information present on social media accounts. You can opt-out of social media sign in requests altogether, or just be vigilant and remove sensitive information from your accounts.  

Research the app and be mindful of permissions 

Reading through the terms and conditions of every single app that you download is going to be very time consuming. Instead, opt for a quick google search of the particular apps’ read-through permissions which will only take a few minutes to read. Make sure to avoid downloading the app if the permissions require access to data that you think is irrelevant to the service. 

A spokesperson from VPNOverview.com commented on the study: 

“Whilst several apps have been found to collect irrelevant data to a specific service, this doesn’t necessarily make these apps data-miners in disguise. It is worth noting that sometimes, developers end up requiring certain data while trying to make the app.  

Even so, we should all stay vigilant and critical about what kind of data these apps are collecting and where they may be using them. ‘Free’ apps and services still need to make money, so if users aren’t paying for services, it is likely that they’ll be making money elsewhere – by providing data.” 

VPNOverview.com are a dedicated team of cybersecurity and privacy professionals offering guidance on these topics in the most accessible way possible.  


Help keep news FREE for our readers

Supporting your local community newspaper/online news outlet is crucial now more than ever. If you believe in independent journalism, then consider making a valuable contribution by making a one-time or monthly donation. We operate in rural areas where providing unbiased news can be challenging. Read More About Supporting The West Wales Chronicle