Why Enterprises Need to Worry About FaceApp

Why the FaceApp rose to fame?

FaceApp, an AI-powered self-editing app is generating a lot of hype on social media. This algorithm-based mobile application, originally developed in Russia for iOS and Android mobile devices, allows users to transform facial features, hairstyle, age of people in photographs and make them look younger or older. 

Although FaceApp has been around for some time now, it came under the security radar when celebrities started posting their own edited pictures. Security experts also believe FaceApp can potentially compromise corporate data on employee devices. Despite that, FaceApp has been downloaded more than 90 million times around the world on iOS and Android devices. This proves this is not just a passing fad. 

Why businesses should be worried?

But why must businesses be wary of allowing this app on work devices? And what makes it a concern for privacy? Let’s take a look. 

Fake FaceApp application:

Antivirus expert, Kaspersky, has warned users of the presence of a fake FaceApp application. According to Kaspersky, the fake FaceApp application can be downloaded from unofficial sources and installed. The malicious module in the lookalike version of the app rests discreetly on the user’s device, displaying adverts. Eventually, it infects the user’s device with an adware module called MobiDash. Users who download this malicious application on their work phone could endanger corporate data.

Lack of adequate permissions:

The app’s privacy agreement is the greatest cause of concern due to the fact that it requires the user to provide access to his entire photo library. This means that the app can upload photos and other data from a user’s device to servers in Russia. Also, FaceApp gets royalty-free and irrevocable rights to user data. This kind of information may allow hackers to break into bank accounts. Scary, right?

Consequently,  US government officials have been urged not to use FaceApp on their work phones. 

Though FaceApp denies that it collects any information on user identity, enterprises must be aware of malicious apps and protect work data from being compromised.

How 42Gears can help?

For employees who use their personal devices to perform business operations or access corporate data, FaceApp can be a vulnerability. 42Gears BYOD solution provides businesses an easy way to protect business data on employee-owned devices by putting applications in secure containers. A container isolates the enterprise data from personal data and encrypts it. 

Security practitioners highly recommend protecting enterprise data and devices on BYO devices with a combination of Mobile Threat Defense (MTD) and Unified Endpoint Management (UEM) solution. 

MTD, a malware protection solution, offers protection on three levels- Device level, Network level, and Application level. It restricts out-of-compliance apps to override privacy permissions and leak data. When deployed along with a UEM solution, MTD works perfectly to help businesses have a secure layer against mobile threats and apply disciplinary actions on the device. MTD scans the device and looks out for any kind of unusual activities exhibited by apps or non-compliant devices, and generates a report. If the app is found to be non-compliant, MTD can blacklist the app or device, wipe the container and notify the IT admin. It is then possible to uninstall any “leaky app” from the managed device and ensure endpoint security.