Experts have warned users to be wary of the New Profile Pic app that collects large amounts of personal data.
The app, which was initially registered in Russia, allows users to upload an existing photo to create a profile image in the appearance of a painting or a cartoon.
Users in the tens of thousands have uploaded images to the app to acquire profile pictures.
It’s been reported that Linerock Investments, the company behind the app, is based in an apartment building near the Moscow River, next to the Russian Defense Ministry.
But Photo Lab spokesperson Kate Polezhaeva told The Independent that while they have “development and customer support offices in Russia, Ukraine, and Belarus … the top management of the company and the managers of the majority of the projects, including myself, are based out of these countries”.
According to the Google Play Store, the app has been installed more than 1 million times and has been reviewed by around 30,000 users. It’s listed as the number one free app on the App Store.
Cybersecurity adviser Jake Moore told DailyMail.com that “this app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country”.
But the fact-checker website Snopes wrote that “there’s little evidence to suggest that this app is any more invasive in its collection of user data than other apps”.
The International Consortium of Investigative Journalists offshore leaks database shows that Linerock Investments Ltd has an address in Moscow and is also linked to the British Virgin Islands.
But Ms Polezhaeva said that “the address on Moscow River is the address of lawyers who registered the company. We have never had an office there “.
“It is true that the domain was registered to the Moscow address. It is the former Moscow address of the founder of the company. He does not live in the Russian Federation at the moment, ”she added. “By now the address has been changed in order to avoid any confusion.”
A company based in St Petersburg in western Russia released the FaceApp in 2017, allowing users to upload photos that would be edited using artificial intelligence to make them appear older. A challenge that went viral led to security experts warning users about the amounts of data the app sent to Russia.
The New Profile Pic app promotes the application by saying that “the world around us is fast-paced and always evolving. In this ever changing world, why stick to one profile pic on your social media? Let it be different, always new and … made by AI! “
“The NewProfilePic app lets you change your user image style as often as you want. Dare to be different, with a profile pic that reflects your current mood or state of mind. Impress your friends on social media and keep them interested in what’s coming next! ” the promotional material for the app states.
When downloading the app, users agree to share their location, information about what kind of device they’re using, and other photos uploaded to their social media accounts.
The data policy says that “we collect certain personal information that you voluntarily provide to us”.
“We collect your name, email address, user name, social network information and other information you provide when you register,” it adds.
The app also collects data about the user from other companies, as well as the user’s IP address, browser type and settings.
The developers of the app say that “whenever you choose an effect that involves face manipulations we use special face recognition technologies to detect a photo; find required facial key points, and apply the effect to your photo “.
The “detected key points may be kept along with the photo on the servers of our providers for up to two weeks from the last interaction with the photo … to speed up further processing of the same photos,” the company says.
“Before people upload photos or other personal data to a brand new website, they must carry out their own due diligence where possible,” Mr Moore told DailyMail.com.
“Although most people will not question the possibilities of anything untoward occurring from simply uploading a photo, the amount of data taken under the radar can often be far more than the user intended on sharing which can cause security and privacy problems,” he added.
“Regardless of where they are based, I would always err on the side of caution when handing over sensitive data as once it has gone it is virtually impossible to gain control of it back,” he said.
Ms Polezhaeva told The Independent that “we understand that due to the current events in Ukraine, any connection to Russia could raise suspicions. That’s why we want to share the position on this issue on our founder’s Instagram“.
“We did not and do not plan to have any affiliation with any governmental organizations of any country,” she added.
“All user photos are hosted and processed on the Amazon AWS and Microsoft Azure servers, which are located outside the Russian Federation,” she said.
On 20 February, four days before the Russian invasion of Ukraine, Photo Lab founder Victor Sazhin partly wrote on Instagram that “our team has development offices in Moscow and Kiev, Novosibirsk and Odessa. Our iOS team is mostly Russian. Our Android team – mostly Ukrainian “.
“I personally was born in USSR in Moscow and moved to Krivyi Rih being two months old. Very literally my fatherland is Russia and my motherland is Ukraine, ”he added at the time. “With Moscow being my home and Kryvyi Rih being a beloved city of my childhood, I never would imagine discussing a matter of war between our nations.”