AI lenses have recently become a prima donna application among social media users for creating unique selfie photos. But some security researchers warn of hidden dangers behind the AI Lens app.
The popularity of AI Lens skyrocketed after they launched the Magic Avatar feature. This paid feature allows users to turn ordinary selfies into unique illustrations with various styles using artificial intelligence (AI).
AI lenses need at least 10 photos to create a new avatar in various styles. Of course, users have to upload their photos to the AI Lens server, and because the uploaded photos are in the form of facial selfies, you have submitted biometric data to the application developer.
In its privacy policy, AI Lens says it collects and stores users' Face Data for online processing functions. Photos are then deleted within 24 hours of completion of processing by Lens. If you use the Magic Avatars feature, the photos will be deleted automatically after the AI creations are created.
Even though he has outlined his privacy and security policies, AI and cybersecurity expert Mari Galloway still asks AI Lens users to be careful when using the application.
"We don't know what they're going to do with that data, that information," Galloway said, as quoted from Today.com, Wednesday (14/12/2022).
"They don't store photos and videos longer than 24 hours. But do we really know what they do with the photos? How do they delete them? How is the data encrypted? We don't really know those details because they don't share that information with us ," he continued.
Andrey Usoltsev, CEO and co-founder of Prisma Labs said: "We are working on updating the privacy policy of AI Lens. But he emphasized that the user's photo will be immediately deleted from the server after the avatar is created and the server is located in the United States.
Galloway also warns users about sharing personal data with apps like AI Lens. When opening a new account, users must of course provide their name, email address, and home address.
Galloway said this information, if it fell into the hands of irresponsible people, could be used to track a user's location, or even open fake bank accounts or credit cards.
In the terms and conditions of the application, the AI Lens developer also says that they can reproduce, modify and distribute user photos without additional compensation for users.
"By using Lens you are granting permission to have the resulting photograph be placed in a database with other identifiable information," said ESET cybersecurity expert Jake Moore.
"This database contains valuable information that could potentially be used with facial recognition technology, raising concerns about data theft," he continued.
"Lens also appears to make users consent to their images being created to be shared with third parties which people often don't realize is a problem. Cybercriminals actively seek such information for illegal use," added Moore.
