Reface App and Co. – How dangerous are deepfake apps?

26 Apr, 2022

Reface app in data privacy test

A quick swap – and your own face on Vin Diesel’s body is already smiling out of the camera. The fact that this is possible is due to the Reface app, a so-called deepfake application that has quickly conquered the top 10 download charts on iOS and Android. The opportunity to impersonate a celebrity and amuse oneself with “face swap videos” seems too tempting. But as the example of TikTok recently showed ingloriously, the question remains, as with many other apps: What do deepfake apps do with my personal data and how dangerous can apps like Reface be for data protection?

REFACE APP

Version: iOS 1.3.17

CVSS SCORE

8.0 (high)

U

ANALYSIS RESULT

  • T&Cs questionable: app provider gets rights to uploaded data
  • Use of multiple tracking services
  • Accesses: Location

Reface App and Co. – Dangers of Deepfake Apps

As a general rule, users should be as sparing as possible with apps to which they entrust personal data. It is true that deepfake apps are not per se more dangerous than other social media apps. But the danger lies in the individual’s hunger for data and the apps’ security measures. Since deepfake apps like the Reface app are a new trend, the danger of careless installation and data sharing is correspondingly greater due to the short-term high level of attention, as TikTok has also impressively demonstrated recently. Here, too, the app collects and exploits disproportionate amounts of data.

Reface-App im iOS AppStore.

Reface App in the iOS AppStore

Deepfake apps and data usage – Reface T&Cs questionable

To get an overview of what data the apps collect and use, it is first worth taking a look at the T&Cs of the Deepfake apps. In the case of the Reface app, it quickly becomes clear that – to put it mildly – an unequal deal is being struck. Users leave their data, including uploaded images and metadata, to the app provider. And the latter may not only store them, but also “display, reproduce, modify, adapt, edit, publish and distribute them in any way”[1]. In other words, how he ultimately uses these possibilities is beyond the user’s field of vision.

Reface app in privacy test

We put the latest version of the Reface app (iOS 1.3.17) under the microscope in our test lab. The bottom line is that the result is not surprising. Reface is one of the more data-hungry apps. For iOS, Reface secures access to the user’s location. Whether this is necessary for the app’s functionality cannot be judged at this point. Furthermore, it has implemented various tracking services like AppsFlyer, Amplitude or Mixpanel. Consequently, this result is not very pleasing. However, we cannot recommend its use from a data protection perspective due to the questionable T&Cs alone. In addition, users should be aware that other apps like WhatsApp, Facebook, etc. have almost identical clauses in their terms and conditions, and the data collection behavior is often questionable as well. Therefore, less is more – both with regard to the installation of certain apps and the data provided to the apps. [1] T&C Reface, 08/2020: https://reface.app/terms/

CHECKLIST
5 Tips for a secure app selection

Use our checklist to make your own decisions about the use of certain apps in the future. Backed up with tips and explanations, it will help you in the decision-making and app approval process.

App-Auswahl Checkliste sicherer Freigabeprozess

These news might also interest you

The best WhatsApp alternatives at a glance

The best WhatsApp alternatives at a glance

WhatsApp privacy under criticism again As of February 08, 2021, Facebook is updating its privacy policy on WhatsApp, leading to great uncertainty and criticism from users, not to mention a mass exodus to alternative messengers like Signal, Telegram oder Threema....

Jitsi Meet – A Safe Alternative to Zoom and Co.

Jitsi Meet – A Safe Alternative to Zoom and Co.

The video conferencing tool "Jitsi Meet" in a data privacy and usability test   Ever since the Corona outbreak, video conferencing tools such as Zoom and Microsoft Teams have become indispensable in the modern workplace. They enable vis-à-vis conversations and...

Heartbleed in 2017 – an examination.

mediaTest digital and CIPHRON investigate the phenomenon "Heartbleed". The vulnerability in OpenSSL named Heartbleed [CVE-2014-0160] still exists three years after their discovery. The two companies from Hanover CIPHRON and mediaTest digital have made it their...

You might also be interested in:

Whitepaper how secure is the iOS operating system

Whitepaper: How secure is iOS?

For a long time, the myth was that Apple devices are always secure. Lately, however, Apple seems to be losing its status as an impregnable fortress. Learn how to avoid the risks in our 12-page whitepaper.

The best WhatsApp alternatives at a glance

The best WhatsApp alternatives at a glance

WhatsApp privacy under criticism again As of February 08, 2021, Facebook is updating its privacy policy on WhatsApp, leading to great uncertainty and criticism from users, not to mention a mass exodus to alternative messengers like Signal, Telegram oder Threema....

Jitsi Meet – A Safe Alternative to Zoom and Co.

Jitsi Meet – A Safe Alternative to Zoom and Co.

The video conferencing tool "Jitsi Meet" in a data privacy and usability test   Ever since the Corona outbreak, video conferencing tools such as Zoom and Microsoft Teams have become indispensable in the modern workplace. They enable vis-à-vis conversations and...

Press contact

Karina Quentin | PR & Communication

press@appvisory.com
Telefon +49 (0)511 35 39 94 22
Fax +49 (0)511 35 39 94-12

Newsletter

Exclusive tips and news about apps and mobile security