It's been two years since the viral FaceApp made its way to the digital universe. This week, the app's aging feature became a hit among social media users who have been sharing photos of their future elderly selves. 

As with all other apps, there are some privacy concerns one must consider before usage — but it's a little too late for that as millions have downloaded the app already. According to Forbes, more than 100 million people have downloaded the app from Google Play; it's also the top-ranked app on iOS App Store in 121 countries.

By using the app, users are giving FaceApp - a startup owned by Russian company Wireless Labs - the power to use their uploaded photos and names. It's actually clearly stated on FaceApp's terms of service —something we're all guilty of brushing off and blindly accepting oftentimes. 

Turns out, the company owns "a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content ... without compensation to you." The terms also state that by using the app, associated information - including username, location, and profile photo - will be visible to the public.

In a statement to TechCrunch, FaceApp said "We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority."

To work, the app requests that a user give it access to the camera roll, instead of just requesting camera access to take only one photo to use on the app. There were speculations on whether the app actually uploads your entire camera roll to its servers. 

A French security researcher, under the pseudonym Elliot Alderson, found that the app does not upload your entire camera roll onto the servers, rather just the photo being modified. 

In a statement to The Guardian, Alderson said he "couldn't find any evidence it was stealing all your data; it was just getting your device ID and your device model."

Following the uproar on privacy, FaceApp released a statement clarifying some of the claims being made. It claimed that "no user data is transferred to Russia," despite the fact that its R&D team is based there. The statement also added that "most images are deleted from our servers within 48 hours from the upload date."

However, as Forbes pointed out, once something is uploaded to the cloud, you lose control over it immediately. It's also worth noting that according to its privacy policy, the data taken from users can be stored and processed in the U.S. or any other country where FaceApp conducts business. 

Aside from what it can do with your photo (as per their terms), users on FaceApp are also giving the app access to a number of different things including: 

  • Data from cookies
  • Log files
  • Device identifiers
  • Location data
  • Usage data

The app provides this data to "Affiliates," "Service Providers," and "Third-Party Advertising Partners," as per its privacy policy. 

FaceApp's privacy policy is actually very similar to many other tech services and platforms. But, the fact that it's a Russian-owned company has prompted intense speculation — and investigations as well. 

A top Senate Democrat in the U.S., Chuck Schumer, went to lengths and called on the FBI to review the app as he's concerned it could pose "national security and privacy risks for millions of U.S. citizens."

Well, maybe now people will understand that privacy policies, terms and conditions, and cookie policies exist for a reason. They are made public so that users can read and be aware of what they're getting themselves into. But, I guess you already knew that when you downloaded FaceApp.