A new phone app which offers users a free digital avatar is taking facial-recognition quality photographs and sending them to Moscow, prompting major concerns within the cyber security community.
Tens of thousands of people have already uploaded their photographs to the servers of the New Profile Pic app in return to the free avatar. However, many will be unaware that the company behind the app, Linerock Investments, is based in an apartment complex overlooking the Moscow River, beside Russia’s Ministry of Defence and just three miles from Red Square.
Jake Moore, Global Cybersecurity Advisor, ESET Internet Security told MailOnline that people have to be incredibly careful when uploading photographs or personal data to a brand new website.
He said: ‘This app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country.’
Internet users have been warned against using a free new photo avatar creator because the company which developed it is based in Moscow
The website for for the company is registered in Moscow, Russia, according to the who.is database
The firm offers high quality digital avatars if people are willing to upload a photograph to their computer servers
The developers use special recognition technology to pinpoint required facial key points to apply the effect to the photograph
The company behind the App is called Linerock Investments Ltd, who according to the International Consortium of Investigative Journalists Offshore Leaks data base, is registered in Moscow.
It has a shareholder based in Panama City, while a director is based in Russia.
In 2017, a St Petersburg-based company released FaceApp, which allowed users to upload a photograph which would be aged using Artificial Intelligence. A viral challenge prompted warnings from security experts about the amount of data the app was sending to Russia.
According to the new app’s promotional material: ‘The world around us is fast-paced and always evolving. In this ever changing world, why stick to one profile pic on your social media? Let it be different, always new and… made by AI!
‘The NewProfilePic app lets you change your user image style as often as you want. Dare to be different, with a profile pic that reflects your current mood or state of mind. Impress your friends on social media and keep them interested in what’s coming next! ;)’
By agreeing to download the app, users are willing to share their location, details about the device they are using as well as other photographs on their social media feeds.
The company’s data policy is clear that ‘we collect certain personal information that you voluntarily provide to us’.
It continues: ‘We collect your name, email address, user name, social network information and other information you provide when you register.’
They also collect data on the user from other companies and combine it with their own dossier.
The firm also collects the IP address, browser type and settings from a computer or the device data from a mobile phone handset.
The App offers ‘the latest AI technology’ and a ‘constantly updated collection of amazing styles’.
Explaining how the technology works, the App developers said: ‘Whenever you choose an effect that involves face manipulations we use special face recognition technologies to detect a photo; find required facial key points, and apply the effect to your photo.’
The company behind the app is Linerock Investments Limited who are based in an apartment complex in Moscow
Despite the threat posed by the App, users have praised its ease of use and quality of the avatars
Some have decided against uploading their own photographs and instead used an image of Roger Moore playing secret agent Simon Templar
On Apple’s App Store, the App is number one in the photo and video chart, while more than 25,000 have rated it on the Google Play Store
This user claims ‘he should’ve never have been given access to this app’
The app can transform an ordinary photograph into a digital avatar in a matter of seconds
This user praised the rejuvenating quality of the app which was able to remove some wrinkles
One security expert warned: ‘This app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country’
The firm claims the ‘detected key points may be kept along with the photo on the servers of our providers for up to two weeks from the last interaction with the photo… to speed up further processing of the same photos’.
On Apple’s App Store, the App is number one in the photo and video chart, while more than 25,000 have rated it on the Google Play Store.
One user said: ‘This is the best app for cartoon images of photos. Hands down the best. Need more. We need a full body, or torso. Also I would love to see Animation like Ai Face Animator.’
Mr Moore warned: ‘Before people upload photos or other personal data to a brand new website, they must carry out their own due diligence where possible.
‘Although most people will not question the possibilities of anything untoward occurring from simply uploading a photo, the amount of data taken under the radar can often be far more than the user intended on sharing which can cause security and privacy problems.
‘This app is likely a way of capturing people’s faces in high resolution and I would question any app wanting this amount of data, especially one which is largely unheard of and based in another country.
‘Regardless of where they are based, I would always err on the side of caution when handing over sensitive data as once it has gone it is virtually impossible to gain control of it back.’
Kathleen Polezhaeva of Linerock Investments Ltd told MailOnline: ‘We are a BVI company with development and customer support offices in Russia, Ukraine, and Belarus.
‘The top management of the company and the managers of the majority of the projects, including myself, are based out of these countries.
‘All user photos are hosted and processed on the Amazon AWS and Microsoft Azure servers, which are located outside the Russian Federation.
‘The address on Moscow River is the address of lawyers who registered the company. We have never had an office there.
‘It is true that the domain was registered to the Moscow address. It is the former Moscow address of the founder of the company. He does not live in the Russian Federation at the moment. By now the address has been changed in order to avoid any confusion.
‘We understand that due to the current events in Ukraine, any connection to Russia could raise suspicions.’
She stressed the company is not affiliated with any particular government or country.
MailOnline has approached Apple and Google for a comment.
The International Consortium of Investigative Journalists had already included Linerock Investments Ltd on its Offshore Leaks database, showing the firm’s registered address was in Central Moscow
The app offers users the opportunity to create quick digital avatars of themselves