Russia data swipe: Warning over viral app that hoovers YOUR data and sends it to Moscow

Google Maps explains how location data is used

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Tens of thousands of people have been uploading their photographs to the servers of the New Profile Pic app in exchange for the free avatar. But Linerock Investments, the company behind the app, is based in a building overlooking the Moscow River, which is behind Russia’s Ministry of Defence and just three miles from Red Square. ESET Internet Security Global Cybersecurity Advisor Jake Moore has questioned why the popular new app would want such a high level of data from its users, especially when the company is based abroad.

He told MailOnline: “This app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country.”

Linerock Investments Ltd is registered in Moscow, according to the International Consortium of Investigative Journalists Offshore Leaks database.

One of its shareholders is based in Panama City, while a director is also based in Russia.

The app’s promotional material states: “The world around us is fast-paced and always evolving.

“In this ever changing world, why stick to one profile pic on your social media? Let it be different, always new and… made by AI!

“The NewProfilePic app lets you change your user image style as often as you want.

“Dare to be different, with a profile pic that reflects your current mood or state of mind.

“Impress your friends on social media and keep them interested in what’s coming next! ;)”

When deciding to download the app, users must be prepared to share their location, details about the computer or mobile device they are using, as well as other pictures on their social media accounts.

The company’s data policy states: “We collect certain personal information that you voluntarily provide to us.

“We collect your name, email address, user name, social network information and other information you provide when you register.”

The firm also collects data on the user from other companies and combines it with their own dossier, while also collecting the IP address, browser type and settings from a computer or the device data from a mobile phone.

Kyiv stands tall after Putin bombardment with two-thirds returning [LATEST]
Ukraine ambassador blasts Austria protesters removed from Russia rally [REPORT]
Exactly how the UK would react if Russia attacks a NATO ally [ANALYSIS]

The app developers explain: “Whenever you choose an effect that involves face manipulations we use special face recognition technologies to detect a photo; find required facial key points, and apply the effect to your photo.”

The firm claims the “detected key points may be kept along with the photo on the servers of our providers for up to two weeks from the last interaction with the photo… to speed up further processing of the same photos”.

The app has so far proven to be extremely popular and on Apple’s App Store, it has surged to the summit of the photo and video chart while on the Google Play Store, more than 25,000 people have rated it.

But security expert Mr Moore warned: “Before people upload photos or other personal data to a brand new website, they must carry out their own due diligence where possible.

“Although most people will not question the possibilities of anything untoward occurring from simply uploading a photo, the amount of data taken under the radar can often be far more than the user intended on sharing which can cause security and privacy problems.

“This app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country.

“Regardless of where they are based, I would always err on the side of caution when handing over sensitive data as once it has gone it is virtually impossible to gain control of it back.”

A spokesperson for the app said: “We are a BVI company with development offices in Russia, Ukraine, and Belarus.”

They insisted they do not share any information from users in a way that is not listed in their Privacy Policy.

The spokesperson added pictures are sent to their Amazon servers to apply the effects and are not seen by anyone else. Images are deleted after two weeks.

Source: Read Full Article