The hugely popular FaceApp seems fun on the surface and an ingenious way to peek into your future — but concerns are being raised about the clever app.
Severe privacy concerns have been raised about the app, which uses artificial intelligence to transform your current face into your younger and older selves.
People raised fears on Twitter and other social media sites that on iPhones, FaceApp would be able to see and upload all your photos, including screenshots with sensitive financial or health information or photos of kids with the names of their schools in the background.
That's not actually true, but the scuttle serves as a good reminder to think twice before downloading new apps.
Even large, mainstream apps routinely collect user data. But many trendy-at-the-moment apps are guilty of mining user data as a primary purpose.
Further concerns were raised yesterday when Senate Democrat Chuck Schumer, wrote in a letter to the FBI and Federal Trade Commission that he's concerned FaceApp could pose "national security and privacy risks for millions of U.S. citizens."
The New York Democrat asked the two agencies to assess the situation and see if the "personal data uploaded by millions of Americans onto FaceApp may be finding its way into the hands of the Russian Government."
As for FaceApp, the app grabs a photo only if you specifically select it to see your face change, security researcher and Guardian Firewall CEO Will Strafach said.
The confusion comes from an iPhone feature that shows your photo library within the app.
It is an Apple feature that lets you select a specific photo but doesn't give the app full access to the library, even though it may appear that way.
You have the option of granting access to your entire photo library, but even then, there is no evidence the app is uploading anything other than the photo selected.
"I'm always looking for privacy concerns," said Mr Strafach, who used a network analyser tool to track what was happening.
"When it's not happening, it's not happening."
There's also a version of FaceApp for Android, but those phones don't tap photo libraries the same way.
That's not to say the app isn't free of problems, Mr Strafach said. Among other things, photos are sent to the cloud for processing in both the iPhone and Android versions, exposing them to hacking and other problems.
FaceApp does not explicitly tell users the photos are being sent to the cloud.
Some apps try to limit exposure by doing the processing on the devices themselves, not in the cloud.
It says it does not sell data to third party apps but lists many exceptions, including one that allows it to share data after removing information that identifies users.
FaceApp, which was developed in Russia by Wireless Lab, has had surges of viral popularity before. The app also allows people to swap their genders or add facial hair or make-up.
Wireless Lab told technology news site TechCrunch it might store users' photos in the cloud, but "most" were deleted after 48 hours.
It said no user data was transferred to Russia.
The company told TechCrunch users could request to have their data deleted. Even with those admissions, Mr Strafach urged people to resist the pull of the app.
He said the app should have been upfront and told users it was processing photos in the cloud rather than on phones.
"Bottom line is they were handling sensitive data and they handled it cavalierly, and that's just not cool," he said.