Reface App and Co. – How dangerous are deepfake apps?

A quick swap – and your own face on Vin Diesel’s body is already smiling out of the camera. The fact that this is possible is due to the Reface app, a so-called deepfake application that has quickly conquered the top 10 download charts on iOS and Android. The opportunity to impersonate a celebrity and amuse oneself with “face swap videos” seems too tempting. But as the example of TikTok recently showed ingloriously, the question remains, as with many other apps: What do deepfake apps do with my personal data and how dangerous can apps like Reface be for data protection?

Reface App and Co. – Dangers of Deepfake Apps

As a general rule, users should be as sparing as possible with apps to which they entrust personal data. It is true that deepfake apps are not per se more dangerous than other social media apps. But the danger lies in the individual’s hunger for data and the apps’ security measures. Since deepfake apps like the Reface app are a new trend, the danger of careless installation and data sharing is correspondingly greater due to the short-term high level of attention, as TikTok has also impressively demonstrated recently. Here, too, the app collects and exploits disproportionate amounts of data.

Reface App in the iOS AppStore

Deepfake apps and data usage – Reface T&Cs questionable

To get an overview of what data the apps collect and use, it is first worth taking a look at the T&Cs of the Deepfake apps. In the case of the Reface app, it quickly becomes clear that – to put it mildly – an unequal deal is being struck. Users leave their data, including uploaded images and metadata, to the app provider. And the latter may not only store them, but also “display, reproduce, modify, adapt, edit, publish and distribute them in any way”[1]. In other words, how he ultimately uses these possibilities is beyond the user’s field of vision.

Reface app in privacy test

We put the latest version of the Reface app (iOS 1.3.17) under the microscope in our test lab. The bottom line is that the result is not surprising. Reface is one of the more data-hungry apps. For iOS, Reface secures access to the user’s location. Whether this is necessary for the app’s functionality cannot be judged at this point. Furthermore, it has implemented various tracking services like AppsFlyer, Amplitude or Mixpanel. Consequently, this result is not very pleasing. However, we cannot recommend its use from a data protection perspective due to the questionable T&Cs alone. In addition, users should be aware that other apps like WhatsApp, Facebook, etc. have almost identical clauses in their terms and conditions, and the data collection behavior is often questionable as well. Therefore, less is more – both with regard to the installation of certain apps and the data provided to the apps. [1] T&C Reface, 08/2020: https://reface.app/terms/