What Are the Security Risks Associated with Face-Altering App Voilà AI Artist?

The app turns selfies into Pixar-style animated characters.

  • Published
  • Updated
Mobile Phone, Cell Phone, Electronics
Image via PM Images

Claim

There are data security risks associated with the face-altering app Voilà AI Artist Cartoon Photo.

Rating

Context

Security risks associated with data collection are inherent in many applications. Though the company that operates Voilà AI Artist Cartoon Photo collects data from individual users, it is not yet known to what extent these pose security risks that are unique from other data-collecting applications.

Origin

Transforming a selfie into a Pixar-style cartoon character may be entertaining, but in June 2021, a number of media outlets reported that there may be potential security risks to personal data and information by using such smartphone technologies. 

One such app is the Voilà AI Artist Cartoon Photo available to iPhone and Android users. As of this writing, there were over 91,000 ratings between Apple iTunes stores and Google Play from users who had used the artificial intelligence software to digitally turn their selfie or portrait into a cartoon character or Renaissance-era painting. The app was created by Wemagine.ai LLP and can be downloaded for free — but may come with a certain security cost. 

“We are a tight knit team of two founders, creative directors, creators and developers who are passionate about combining human’s creativity and AI’s capabilities to create remarkable products,” read the company’s website

A look through the app’s privacy policy revealed that potential security risks associated with its use were on par with other data-collecting platforms. As of March 1, 2021, the app’s privacy practices, which were not verified by Apple, read as follows:

“We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.” 

In short, though the company that operates Voilà AI Artist Cartoon Photo collects data from individual users, it is not yet known to what extent these pose security risks that are unique from other data-collecting applications.

“Some magazines [and] websites, unfortunately, went with publishing news claiming there are security risks on Voila, and as it is very important to trust the app you share and use,” a spokesperson for Wemagine told Snopes in an email. “While we understand the intention to keep users informed about their risk about their data, some of the writings and assumptions on how all developers will somehow misuse data can create misunderstanding and distrust from users.” 

But here’s what we do know. 

Like many other app-hosting companies, Wemagine.ai LLP can collect personally identifiable data from users such as how long a person visits a particular page (usage data) and small files stored on a device known as cookies. Browser information, phone models and purchase history, photos uploaded from the mobile device while using the app — including those from the camera or camera roll — and their metadata may also be collected by the company. 

Wemagine affirms that it does not use photos and facial features for any reason other than for the portrait and editing functionality of Voilà AI Artist App.

“Regarding photos specifically, we do not collect or store them on the server, only for processing, and even for that we can’t access them. They are not used in any way to do anything other than creating the cartoons or arts. Not used for further improvement or datasets as well. They are merely ‘passing through’ servers we use (and it’s all located in the USA by google cloud) to only process the photo into cartoon or art. It’s no different than any other typical ‘photography’ apps which do not use AI,” said the Wemagine spokesperson.

But data collected can be outsourced to other partners. For example, collected data is sometimes managed by a “data controller” — a person who can determine the purposes for which and the way any personal data are, or are going to be, processed. 

Information and personal data may also be transferred to and maintained at computers outside of a user’s home location in areas where data protection laws may differ. But in providing consent to the privacy policy, a user grants the company the ability to do so.

And though Wemagine said that it does not sell or rent personal information to any third parties “for any purpose,” it can release personal data to law enforcement, subsidiaries of the company, contractors, and third parties who are supporting the business. 

“The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure,” reads the privacy policy. “While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.” 

As a user, you have the right to request copies of information held by the company or require that they modify, update, or delete such information. You can also block them from using your data or limit in the way in which the company uses it.  Contact voilaartist@wemagine.ai to make such requests or to withdraw consent to use personal data. 

Recent Updates
  1. Update [June 15, 2021]: This article was updated to include comments from Wemagine.
  • Published
  • Updated