Security research company Check Point Research (CPR) claims to have conducted preliminary security analysis on the Voila app. This is the popular app that turns a person into a cartoon avatar. Although there are no clear red flags at this time, c p r The potential risk is highlighted in the fact that the Voila app sends facial photos to its servers for processing. In the event of a cyber attack, facial images with user identification details can fall into malicious hands.
“The app contains the unique and unique Installation ID (vdid) generated by Google Play when it sends the photos for verification. These face photos are linked to the specific user installation details. Where in the event of a cyber attack, the face photos and the user The details could potentially end up in malicious hands,” says Check Point Research.
“Most users assume that Voila app processing is done locally on their phone. This is not the case. A non-obvious fact here is that the company sends facial photos to their servers for processing. When When a face photo is sent to the company’s servers, the app includes unique installation IDs that were generated by Google Play. Then each photo is packaged with user identification details. While the company’s privacy policy states this fact As mentioned, the data opens up the potential for misuse – either by the company itself or by a third party. For example, if the company is hacked, the attacker could potentially make a huge difference to all the faces of application users. We have no way of telling if the company is doing something illegal or malicious, but I think it’s important for new users to be aware of the risks inherent in sending content to servers for processing. Be aware that in the event of a data breach or cyber attack, your or your Photos of ripe loved ones run the risk of falling into malicious hands,” says Yaniv Balmas, chief cyber research On check point software.
At the same time checkpoint says that the analysis of the app is written by a legitimate company registered in the United Kingdom (UK). “In terms of permissions, the app uses only the bare minimum required for operation. It verifies that the images contain faces, and only after that verification, the app sends them to the server for processing. All with the server Communications are performed using HTTPS, so the traffic is encrypted out-of-the-box. The app is said to be using well-known open source libraries where possible,” Checkpoint adds in its report.
.