A new Chinese app – called ZAO App – that allows users to swap their faces for celebrities, sports stars or anyone else in a video clip, went viral over the weekend. Because of its convincing face-swapping technology, millions of people downloaded it. However, it soon triggered privacy issues as well.
Raises privacy and safety concerns
The ZAO app uses artificial intelligence to superimpose a user’s face onto the character in a video clip or GIF. The face-swapping app debuted on the Chinese iOS App Store on Friday, and by Sunday, it was the most downloaded free app, as per the data from tracking firm App Annie.
Along with the urge to become a celebrity, the easy-to-use interface of the app encouraged million to download this app. All you have to do to use the app is to sign up using your phone number, and then upload your image. Next, select the video in which you wish to feature. You can also share the edited video with your friends.
In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen.
Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail) 🤯 pic.twitter.com/1RpnJJ3wgT
— Allan Xia (@AllanXia) September 1, 2019
Along with the privacy concerns, some also expressed concern over the fraudulent use of the app. Alipay, a Chinese online payment system, was among the first to highlight the issue. In a Weibo post, the payment service said no matter how advanced or “sophisticated the current facial swapping technology” is, it won’t be able to trick its payment apps.
“Even if the extremely rare case that an account is stolen, insurance companies will cover lost funds in full,” Alipay said.
Quick to address concerns
Soon after the backlash from the users, Zao came up with a statement, assuring users that it would address all privacy issues. “We thoroughly understand the anxiety people have towards privacy concerns,” the company said in a Weibo post. “We have received the questions you have sent us. We will correct the areas we have not considered and require some time.”
On Tuesday, the company announced that it had changed the user agreement to address the privacy and safety concerns raised by the users. “This is a new product. We were indeed inconsiderate about people’s core concerns,” the company said in a Weibo post.
According to a CNN report, the updated user agreement says that the app “will try its best, based on the privacy terms, to use the content you have authorized us to use within a reasonable, necessary and expressly stated extent” and “Your necessary authorization and agreement will not change your ownership of the intellectual property rights.”
This new user agreement will also be applicable to the users who signed the original terms and conditions of the app. Moreover, the company also said that it does not store “facial biometric data” on its app. Also, if a user deletes their account, the app will also delete the user information “according to the law.”
Zao also addressed the concern raised by Alipay, saying its app does not pose a payment risk as the “security threshold for facial recognition payment is extremely high.”
Should you still trust the ZAO app?
Despite the assurances from the company, one security researcher found that the clips, which the app generates, can be accessed by anyone even if the user deletes the app, or even removes the app itself.
Robert Baptiste (with a Twitter handle Elliot Alderson) claims that the app stores the video clips in a backend cloud. Anyone with a correct URL can access it. To prove it, the security researcher generated a video clip using the ZAO app by superimposing his face onto the body of Sheldon Cooper, a character in the American TV series The Big Bang Theory.
Baptiste then intentionally deleted the video in the app, but discovered that it was still available on Zao’s backend systems.
Yesterday, thanks to the #ZAO app I created a video with my face on Sheldon Cooper. This morning, I deleted the video in the app (no more available in « My Creation » tab)
— Elliot Alderson (@fs0c131y) September 3, 2019
Momo, which is popular for making dating apps, is the publisher of the ZAO app. Momo listed on the NYSE in 2014. As of now, there have been no comments from Momo. If you also want to try this face-swapping app, then you can download it from this link, although be aware of the issues.
There have been several instances previously, where face-swapping apps like ZAO quickly went viral but came under attack owing to their privacy policies. One such app was FaceApp, which first went viral in 2017 for its use of AI to allow users to see how they would look when they grow old. The same app garnered the limelight a couple of months back as well, but privacy concerns soon engulfed it.