Check Point Research (CPR) security company claims to have conducted a preliminary security analysis on the voila application.
This is a popular application that turns someone into an avatar cartoon.
Although there is no clear red flag at this time, CPR highlights potential risks in the fact that the Voila application sends a face image to its server to be processed.
Face image, along with the details of the user identification, can end with an evil hand, if a cyber attack occurs.
“This application includes a special and unique installation ID (VDID) produced by Google Play when sending photos to verify.
These facial photos are linked to certain user installation details.
Where if there is a cyber attack, face photo and user details can potentially end In a bad hand, “said Check Point Research.
“Most users might assume that the processing of voila applications is done locally on their cellphones.
This is not the case.
The fact that is not clear here is that the company sends a face image to its server to be processed.
When a face photo is sent to the company server, this application includes ID The unique installation produced by Google Play.
So each photo is packed with the user’s identification details.
Although this fact is mentioned in the company’s privacy policy, the possibility of open data abuse – both by the company itself or by the 3rd party.
For example, if the company is hacked, The attackers have the potential to collect a large database of all the faces of the application user.
We have no way to say if the company does something illegal or evil, but I think it is important for new users to know the risks that are inherent in sending content to the server to be processed.
The risk becomes Photos or people who are and A loved face with an evil hand, if there is a violation of data or a cyber attack, “said Yaniv Balmas, Head of Cyber ​​Research on the Check point software.
At the same time checkpoint said that application analysis was written by a legitimate company registered in the UK (UK).
“In terms of permission, the application only utilizes the minimum needed for the operation.
It verifies that the image contains faces, and only after verification, the application sends it to the server to be processed.
All communications with the server are done using HTTPS, so the traffic is encrypted outside the box.
The application is said to use the famous open source library, if possible, “Add checkpoints in the report.