advertisement
Facebook
X
LinkedIn
WhatsApp
Reddit

Check Point has some concerns about app that turns you into a cartoon

Recently you may have spotted a slew of photos where folks have seemingly become cartoon characters. Well, technically their photos have been edited by an artificial intelligence, but you get the point.

Whenever there is a new app that becomes trendy, there is also the worry that it is using the data it collects improperly or worse, putting users at risk.

One of the apps currently being used by folks to turn themselves into cartoons is Voilà AI Artist created by Wemagine.ai. It is the developer’s first application according to a statement on its website.

The app has been download over 10 million times according to data from the Google Play Store and its popularity seems to have prompted Check Point Research to do a bit of digging.

While the app isn’t malware, there are some privacy concerns that should be highlighted if you are using Voilà AI Artist.

Perhaps the most worrying bit of information Check Point Research highlights is the fact that the app is sending photos back to Wemagine’s servers rather than doing the editing on your device.

The app also provides a specific and unique installation ID that is generated by Google Play when it sends photos for verification.

This flow of information is laid out in Voilà’s privacy policy as head of cyber research at Check Point Software, Yaniv Balmas explains.

“When a face photo is sent to the company’s server, the app includes unique installation IDs that were generated by Google Play. So each photo is packaged up with user identification details. While this fact is mentioned in the company’s privacy policy, the possibility for misuse of the data opens up – either by the company itself or by a 3rd party,” says Balmas.

Of course, that risk is an if, and we would hope that Wemagine takes user security seriously. Without having intimate knowledge of the firm though we are hesitant to hand over that amount of information to a developer which just launched its first app.

Check Point Research also notes the following from its deep-dive into the app:

  • The app has been written by a legitimate LLP company registered in the United Kingdom (UK)
  • In terms of permissions, the app utilises only the bare minimum required for operation.
  • The app verifies that the images contain face(s), and only after that verification, the app sends them to the server for processing
  • All communication with the server are performed using HTTPS, so the traffic is encrypted out-of-the-box
  • The app is using well known open source libraries, where possible
  • When the photo is sent to the server, the app includes the specific and unique installation id (vdid) that was generated by Google Play, potentially linking faces to the specific installation

 

While there is nothing untoward about this app, we urge you to consider what might happen if this developer, or the developer of any other trendy app is breached.

Unfortunately most of this information is contained within a length privacy policy or it isn’t visible/accessible to the layperson.

Our advice is always to exercise caution and if you use an app such as Voilà, remember it so that if a breach happens you can take action to protect yourself.

[Image – CC 0 Pixabay]

advertisement

About Author

advertisement

Related News

advertisement