Reface Security Checklist: protect your data from your apps

We’ve all needed to urgently download a new app at some point, whether it’s a VPN or a photo editor with a particular filter you need right now. Unfortunately, the first app you find on the internet may not be safe in terms of your data and privacy.

Insecure data storage is the most common threat we face from mobile applications. Your information can be sent to third parties without your knowledge or consent, and commercial and government actors can then use this data for their own purposes. This can help advertisers learn what products to show you and help companies better understand your preferences. Even worse, criminals could use your data for fraudulent activity, and governments and other actors could target you with misinformation activities. Many people are still afraid of FaceApp because the company has been allegedly sharing user data with the Russian government. Even though there’s no definitive proof that FaceApp is unsafe, people are still afraid of apps that use their pictures and data.

We’re also concerned about the fakes of the Reface app that have been emerging over the past six months. These fakes use our name, idea, or content, but we don’t know anything about their security, let alone their credibility. That’s why we want to warn you not to download any suspicious apps before checking their legitimacy.

In the spirit of transparent communication, we wanted to write this post to give you some tips to help you protect your data and share some important information about Reface.

Here are a few obvious but essential tips to keep in mind when downloading a new app on your phone

Don’t allow a wide range of permissions

Always tap “view details” when installing a new app to check what kind of permissions the app is requesting. If anything looks suspicious, cancel the app installation. Only permit actions that are needed for the functioning of the application. For example, a photo editor does not need access to your contacts and locations. Recheck your apps for permissions.

Don’t download apps from suspicious, “free” sources. Use official application stores

Clone apps are the real problem. Hackers create fake variations of popular apps like Facebook, Instagram, etc., to get users’ usernames and passwords.

Also, official app stores have their own policies regarding apps that gather user data and/or share it with third parties. Every application is checked for compliance with security rules prior to its release in the store. For example, Google uses Google Play Protect, and Apple has user security guidelines for its developers.

Always read reviews, pay attention to ratings, and look for typos in descriptions

Scammers and hackers are usually in a hurry and may have typos in their app descriptions. They can also spoof established brand names, so pay attention. Reviews can still provide useful information though, and honest reviews should contain both positive and negative opinions. But if you see that an app only has good reviews, you should be careful.

Research the app’s developer and their products

Google every app before downloading it. Your searches might look like “app name + reviews” or “app name + fraud.” Also, always do your research about the app’s developer. What kind of apps does the company produce? What are people saying about the company?

And remember, reliable companies always have their security policy available on their websites or public pages. If a developer has no official webpage or established policy, you should doubt their legitimacy or, at least, reputation.

Keep your software up to date

Never hesitate to update your phone’s operating system. Being updated means being secured from the latest frauds and scams hackers are constantly working on, making automatic updates essential.

How we at Reface protect user data

At Reface, we prioritize the security of our users’ data. We want to build a culture of transparency and open communication with our users.
Here are some debunks about our application and data security:

• "My photos will be shared with third parties"
  We actually don’t use people’s faces at all in our app. We use embeddings, 512 numeral values that are not biometry. We delete this data within a maximum of 24 hours in accordance with our policy, but usually only keep it for two hours in most cases. We do not share any photos with third parties.
  
  Face embeddings are encrypted and can’t be perceived as a photo or connected to real people in any way. The images used to make a swap are only saved locally on users’ devices, and no one else has access to them.
  
  We also don’t give third parties access to our face embeddings and don’t use them for any other purposes.
  
  At Reface, we are 100% conscious of our users’ privacy. We’re constantly improving the mechanics of the service to minimize the amount of personal data used, improve security, and ensure compliance with applicable data protection laws and regulations.
  
• "Someone can create a deepfake of me without my permission"
  We’re currently working on a detection tool just for our videos. This tool will recognize fakes even if a video has been cropped, decoded, or deleted from our app. It will help us find the video’s creator and prove the fake origin of a video in case of any misuse of our technology, from scams to spreading fakes.
  
  We moderate our content and review all rights violation reports. We also have a strong community moderation culture similar to that of Instagram or TikTok, which means users can report any content they find inappropriate in our app.
  
  Reface’s mission is to give people the opportunity to modify content the way they want to with AI technology. Maximizing fun and minimizing user risks is our priority. One way we’re working on this is by imprinting a hidden digital watermark in Reface videos while training a specific neural network to recognize videos made with our system’s help.
  
• "My photo will be used for facial recognition technology"
  Reface is a tool for entertainment and self-expression, for business and content creation. Facial recognition doesn’t interest us. We envision a future of neverending creativity, not of systems of control and oppression. This means that we won’t use your photo for facial recognition technology.
  
  We’re an officially registered company operating under US law and compliant with GDPR demands. We transform our user’s photos into encrypted face embeddings and delete the originals from the cloud within 24 hours. We have no right to use users’ data for any other purposes and will never do so. We also don’t collect any other user data and don’t provide facial recognition services.
  

To build and maintain a resilient digital space, we have to be resilient ourselves. Don’t download suspicious apps from uncertified stores. Pay attention to details, and Google every app before installing it and check its developers. Don’t give your app any permissions that feel wrong to you, and keep your phone’s OS updated.

We value your feedback. If you believe to find security weaknesses or vulnerabilities in Reface app, please contact us – security@reface.ai.

Stay safe, and don’t let scammers trick you.