FaceApp icon
Users should be wary about sharing their facial likeness so openly FaceApp

If you haven't tried out FaceApp yet, no doubt your Facebook and Twitter feeds have been flooded by those who have. The free iPhone app, which lets you see what you'd look like if you were younger, older or a member of the opposite sex, has caused quite a stir since being launched in February and rocketing to the top of the app charts, after being downloaded by millions of users.

But don't be too hasty to jump on the bandwagon. Security experts have warned that people who use FaceApp may be putting their personal information at risk, including the pictures they are sharing of themselves.

Michael Bradley, a managing partner at law firm Marque Lawyers, told ABC Australia: "Anyone who has placed their face online in conjunction with their name and other identifying data (for example, anyone with a social media profile or website profile), is already plenty vulnerable to being digitally captured for future facial recognition uses."

So what information are users surrendering when they use FaceApp exactly, and should they be worried?

"When you use our Service, our servers automatically record certain log file information, including your web request, Internet Protocol address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information," reads FaceApp's privacy policy.

The app uses "device identifiers" allowing the company to monitor how you browse and use the app in order to target you with "personalised content... which could include online ads or other forms of marketing".

Users must also agree to have their information shared "with businesses that are legally part of the same group of companies that FaceApp is part of, or that become part of that group." The policy does not state what companies this includes.

In the event that FaceApp is sold to another company, all of your personal information may be sold along with it, although the terms state that users will still own the content they upload and that the buyer "will have to honour the commitments we have made in this Privacy Policy."

FaceApp collage
FaceApp transforms your face with a variety of humorous effects FaceApp

Lee Munson, security researcher at Comparitech, suggested that FaceApp's privacy policy is fairly typical of smartphone apps.

"It's a standard privacy policy – the company shares some limited data with third parties, may transfer ownership if company is sold, et cetera," he told IBTimes UK. "Not particularly awesome for privacy-concerned users but no different to what 99.999% of other companies are doing."

Still, the lack of a hardy privacy policy is more pertinent when dealing in facial recognition technology, particularly when users are uploading possibly the most personally-identifiable piece of information they could provide: their own face.

"As should be the case across the board, people would be advised to think about how your data might be used before downloading an app and agreeing to its privacy settings," said David Emm, principal security researcher at Kaspersky Lab.

"In addition to the data conundrum, with facial recognition and biometrics looking like the new frontier of authentication, we should all be wary about sharing our facial likeness without a second thought. Our faces could conceivably become a mechanism for authentication, so we may soon have to start treating our faces like passwords and being aware that data obtained by companies such as FaceApp can easily fall into the hands of cybercriminals and be used to spoof our identities."