Privacy concerns are being raised about a new app that allows users to upload profile pictures and apply various filters to them - including one that makes the picture look like a painting.

The wildly popular app is called NewProfilePic Picture Editor in Apple’s App Store and NewProfilePic: Picture Editor in the Google Play store.

According to Snopes.com, claims began to spread around the Internet that the app was installing malware onto users’ devices, that its parent company was based in Moscow and sending information to the Kremlin, and that the app was illegally stealing other information from users’ phones.

A spokesperson for Photo Lab, the Linerock brand that operates NewProfilePic, said the claims being made against the app are not true and “found that they were largely without merit or unsubstantiated.”

In an email to McClatchy News, Photo Lab’s spokesperson said that most of the brand’s employees are based out of offices in Russia, Ukraine and Belarus. However, the company has never had an office in Moscow, and “all user photos are hosted and processed on the Amazon AWS and Microsoft Azure servers, which are located outside the Russian Federation.”

A Photo Lab blog post says the servers are in the United States.

While the company’s domain was originally registered to the former Moscow address of the company’s founder, that person “does not live in the Russian Federation at the moment.” The domain address has been changed “in order to avoid any confusion,” the spokesperson said.

She added that Linerock “did not and (does) not plan to have any affiliation with any governmental organizations of any country.”

What we know about the app

The spokesperson said “as for users data, we do not keep and share any user information in a way that is not listed in our Privacy Policy.”

“The NewProfilePic app does not store users’ accounts or any personal data,” she said.

According to the app’s privacy policy on the App Store, NewProfilePic may collect some data that “may be used to track you across apps and websites owned by other companies.” That data includes “identifiers” or your “device ID,” advertising data, crash data, and “product interaction,” the policy says.

Some of that data is collected by the app but not linked to a user’s identity, the policy says, including user ID and device ID data, advertising data, crash data, product interaction information, and a user’s photos and videos, according to the policy.

That definitely sounds like a lot of information, but plenty of other apps, including popular social media ones like TikTok and Instagram, also receive access to your camera roll and your device’s information.

For example, Instagram’s privacy policy reveals that the website collects a on its users, from your messages, to what features you use, to what kind of devices you’re using to access the platform.

Security concerns about the rest of the Internet

For instance, TikTok says that it collects users’ email addresses, phone numbers, browsing history, and their approximate location. That information may be used for advertising, product personalisation, and other functions of the app, according to the app’s privacy details in the App Store

And a 2022 study by the mobile marketing company URL Genius, said that YouTube and TikTok collect more data on users than Twitter, Instagram and Facebook

Other apps also collect a significant amount of user data. For example, the dating app Tinder says on its privacy page that it collects users’ approximate and precise locations, email addresses, contacts, photos and videos, and other undisclosed “sensitive info” that could be used for advertising, analytics, product personalisation and app functionality.

So, how can I stay safe online?

There are several tips privacy experts offer when it comes to staying safe on the Internet.

According to the National Cybersecurity Alliance:

People should make sure that the software on their devices, including apps, are up-to-date in order to minimise security risks.

They should also get rid of programs they aren’t using so the information can’t be quietly collected.

People should review the privacy settings of the apps they use and make sure their devices’ privacy settings are up-to-date.

Avoid using unfamiliar or unsecured WiFi networks to handle sensitive material, such as financial information.

Also, people who are extra concerned about the privacy of their devices can even disable their “ad identifier,” which is “a string of letters and numbers that uniquely identifies your phone, tablet, or other smart device” and is used by companies to track users’ data across programs and devices, according to the Electronic Frontier Foundation. -

 - TNS