The resurgence of St. Petersburg, Russia-based FaceApp has sparked renewed concerns about online privacy, and popular video app TikTok is also raising red flags among security experts.
TikTok, which is owned by Chinese tech giant ByteDance, crossed the 1 billion mark for worldwide installs on the Apple App Store and Google Play, according to data published in February 2019 by Sensor Tower, an analyst group that focuses on the mobile market.
But many users don't know it is owned by a Chinese firm, according to CNBC. Experts told the outlet this is an intentional strategy that many Chinese technology firms use as they break into U.S. markets.
"Overall, there is low awareness about the origin of these apps," Hanish Bhatia, senior analyst at Counterpoint Research, told CNBC in April. "So Chinese tech firms and apps are continuously making efforts to get rid of the Chinese tag. The idea is to position themselves as a global player."
In a statement to U.S. TODAY, a spokesperson from TikTok reiterated that protecting user privacy is a critical priority for the company.
"As part of our overall commitment to transparency, we are working with an independent, US-based internet privacy firm to audit our practices and confirm that we are employing industry-leading standards for the storage and protection of TikTok user data," the statement read.
TikTok has come under fire for privacy problems before
In February 2019 the Federal Trade Commission alleged TikTok—which merged with the musical.ly app last year—illegally collected personal information from children.
TikTok agreed to pay $5.7 million to settle the FTC's complaint, filed by the Department of Justice, which said the company violated the Children's Online Privacy Protection Act or COPPA. The act requires websites and online services to direct children under 13 to get parental consent before the company collects personal information.
TikTok is also being investigated by the United Kingdom's Information Commissioner's Office to determine if it violated the European Union's data privacy law called GDPR (General Data Protection Regulation), which requires companies provide specific protections related to children and their data, The Guardian reported.
Why should I be concerned?
Carroll said in a tweet that because FaceApp is based in Russia and TikTok is based in China, it's "safe to assume those governments can readily access your data."
Tech firms based outside of the U.S. are "subject to different standards or governance for data handling," Jason Hill, lead cybersecurity researcher at CyberInt, said. "Whilst many individuals may not be concerned by this, users working in government, military or sensitive roles may want to consider the ramifications of potentially exposing their personal data to foreign entities."
While the app's primary demographic is teenagers and young adults, a report from Claudia Biancotti at the Peterson Institute of International Economics noted that there is an active sub-community of young military service members.
"Social apps gather a lot of data on users; if this information is sent to China, it can be easily accessed by the government and leveraged, say, to make Beijing's surveillance software better at recognizing Western faces, or at extracting intelligence on Western military activities," Biancotti wrote.
Certain countries, such as Russia and China, "have shown little regard for the privacy of people using technologies based there," said Gary Davis, chief consumer security evangelist for McAfee—a Santa Clara, Calif.-headquartered cloud cybersecurity company.
"It's always best to err on the side of caution with any personal data and think carefully about what you are uploading or sharing," he said. "A good security practice is to only share personal data, including personal photos, when it's truly necessary."