Experts are warning that the popular ‘New Profile Pic’ app for Facebook could not only be sending large amounts of personal data to Russia but could also spell trouble for businesses.
In an online trend, hundreds of thousands of people have uploaded their profile images to New Profile Pic, which uses facial recognition technology to modify the photo to look like a painting or cartoon.
It’s listed as the No. 1 free app in the App Store but, as the Daily Mirror reports, “many are unaware that their information is being sent to a company that is registered in Moscow.”
Cybersecurity adviser Jake Moore told DailyMail.com that “this app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country.”
Insider explains that sets of personal data are “valuable to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials.”
Unvetted apps are always a risk for businesses that permit BYOD — Bring Your Own Device — where employees can use their personally-owned devices for work, instead of being required to use an officially provided device.
“Bright shiny stuff can get you into trouble,” said Rodney Gullatte Jr., certified ethical hacker and CEO of Springs-based Firma IT Solutions. “Let’s say you put this on your work phone. Not good.
“[And if] your password to Facebook is the same as everything else… they got you.
“This is how Russia hacks us,” Gullatte said. “They didn’t have to break in. We let them in.”
It’s not the first time a Facebook photo app has raised red flags. In 2017 a Russia-based company released FaceApp, which also used AI to edit users’ photos. Cybersecurity experts sounded the alarm over the vast amounts of data the app sent to Russia.
In December 2019 the FBI confirmed mobile apps developed in Russia are a threat to security.
The website for New Profile Pic was originally registered in Moscow but on May 11, in the midst of concerns over its data collection, the company behind the app changed the registration to an address in Florida.