VID PROJECT

FACEAPP
Many cybersecurity specialists raised red flags regarding the corporate behind the app, the Russia-based “Wireless research lab.” As per their terms and conditions, they need the complete freedom to use your photos in any manner they need. Security awareness knowledgeable at Safr.Me, Henry M. Robert Siciliano feels that such apps don't seem to be in control of taking chunks of your knowledge.
“Consumers simply assume it’s fun and blindly share. There has been loads of worry concerning Russian-based firms whose hands area unit being forced by the Russian government [when] they need a backdoor access to the companies’ knowledge and servers.”
FaceApp’s privacy policy states that its affiliates and repair suppliers “may transfer data that we have a tendency to collect regarding you, together with personal data across borders and from your country or jurisdiction to alternative countries or jurisdictions round the world.”
Every time you transfer your image to the cloud in FaceApp, the exposure might be used overseas in numerous countries, like Russia. whereas their servers area unit reportedly settled within the u. s., the firm’s privacy policies don’t justify however specifically it safeguards user knowledge.
Exploiting knowledge for face recognition
Since FaceApp owns the pictures uploaded to its service, and that they have the liberty to use them in any manner they please. they will use the sell the photos to advertisers, splash them across billboards, and most worryingly, use it within the development of face recognition technology. By exploitation the app, you're giving the corporate the proper “to use, reproduce, modify, adapt, publish, translate, produce spinoff works from, distribute, in public perform and show your User Content and any name, username or likeness provided in reference to your User Content altogether media formats and channels currently familiar or later developed.”
Siciliano added , “Any app gathering knowledge points that might cause face recognition ought to be of concern particularly once it’s being employed by government agencies, foreign firms or foreign intelligence.”

TINDER
As per researchers from cybersecurity firm Checkmarx, Tinder’s iOS and Android apps have two distinct security flaws. These flaws will give hackers a way to see:
Which profile photos a user is looking at.
If they are positively and negatively reacting to a particular image.
Having said that, the names and other personal information are encrypted, so they are not at risk.
Deeper look into Tinder’s vulnerabilities
As per Checkmarx, Tinder’s vulnerabilities are related to the inefficient use of encryption. Since the apps don’t use the secure HTTPs protocol to encrypt the profile pictures. Due to this, the attacker can intercept traffic between the user’s mobile device and the company’s servers. This gives them the power to:
See the user’s profile picture.
See all the pictures he or she reviews.
By using this data, the attackers can replace an image with a different photo, an advertisement, or link out a website which contains malware or a call-to-action designed to steal personal information. Tinder released a statement saying that while its desktop and mobile encrypts the profile images, they are working towards encrypting the images on their apps too.
However, according to Justin Brookman, director of consumer privacy and technology policy for Consumers Union, the policy and mobilization division of Consumer Reports, this may now be enough. Brookman said, “Apps really should be encrypting all traffic by default — especially for something as sensitive as online dating.”
Brookman also stated that the problem gets even worse when you consider the fact that it is difficult for the average person to determine whether a mobile app uses encryption. With a website, you can simply look for the “HTTPS” at the start of the internet address. There is no simple way to do that in a mobile app.
Another security issue for Tinder stems from its very architecture. Different data is sent from its servers depending on whether the user is swiping left or right. While the data itself is encrypted, the researchers can tell the difference between the two responses by just looking at the length of the encrypted text. What this means is that just by looking at the size of the text, the attacker can figure out how the user responded to a particular image.
So, we can conclude that an attacker can see the images the user is looking at, and how they are responding to those images.
Amit Ashbel, Checkmarx’s cybersecurity evangelist and director of product marketing, said, “You’re using an app you think is private, but you actually have someone standing over your shoulder looking at everything.”