Hidden Risks in Face-swapping Apps? "去演"App換臉當明星 個資恐遭中國盜取

Many people don't think twice about using photo editing apps to make themselves look more attractive. However, many of these apps have hidden privacy and information security issues. PRC companies have, in recent years, developed artificial intelligence face swapping apps that may secretly send data back to China or abuse user data. One information security expert says these kinds of phone software are tied to e-mail accounts and save photos to photo albums. Therefore, everyone should exercise caution.


Photo editing apps are all the rage these days. In most cases, users only have to register their e-mail account with these apps to upload photos. However, these apps come with many hidden information security risks.
 
When facial data is combined with personal information, apps can recognize your identity and track you wherever you go. They can also place use your face to create fake videos and photos.

Experts say all the data an app can access can be abused and falsified. Before using an app, netizens should check the app's settings and review permissions and restrictions. Many have privacy concerns about the popular Clubhouse app, which uses technology developed by a Chinese company.
 
If the app gets access to your call log, it can analyze who your friends are. It then asks you if you want to invite your friends to use the app. (The PRC audio technology) is used by many companies. Are there information security concerns? Of course it's possible. More analysis is needed.
 
According to national security officials in Taiwan, the face swapping apps developed in China in recent years require facial recognition for verification and it is unknown whether any data is being sent to Chinese databases. One lawmaker is calling on relevant agencies to block "red infiltration" apps from China.

(Built-in) phone apps are reviewed by the NCC. In general, apps are reviewed by the Ministry of Economic Affairs. These Chinese apps cannot be used by government employees. In general, we cannot restrict citizens from using these apps. However, we try to tell everyone that Chinese apps have information security risks.
 
The Executive Yuan says government employees are not allowed to use Chinese apps and any personal phones with potential security issues are restricted from connecting to government networks. Currently, different agencies are responsible for different aspects of information security. A digital development ministry is planned to take this area over. The draft bill will be sent to the Legislative Yuan later this year.
 
 
 
無論是歐美明星想演楊貴妃,還是中年男性要當女主角,想化身經典電影或戲劇角色,不用真的參與演出,只要利用這款App就能辦到。但使用這類軟體之前,大多要先綁定信箱、上傳照片,這些都存在資安風險。
 
台科大資安研究中心主任 查士朝表示:「人臉的資料,跟你的個資,做一些連結了之後,那對基本的來講,它第一個,就是能夠辨識出來,就是說,你這個人,到底有沒有出現在某些地點。換臉,或者是把你的臉的這個資訊,去造假的這個影片,這個也是有這樣子可能的一些應用。」
 
學者指出,這些人臉、照片、信箱資訊,有可能被盜用、造假,使用前可以查看「設定」,看哪些資訊被允許存取;至於近期很夯的Clubhouse,則是其中有使用到中國企業開發的聲網技術,讓外界質疑,是否也有資安疑慮。
 
台科大資安研究中心主任 查士朝表示:「抓取你的通訊錄的資料之後,那它會用這個東西去判斷說,你到底有哪些朋友?然後,它會問你說,你要不要寄邀請碼給他?(中國聲網技術)很多家公司,都有用到它的這個聲音傳輸的這個技術,是不是真的有這樣子的資安威脅?這個可能當然還要,再做更進一步的判斷。」
 
國安單位調查,中國近年來,積極開發AI換臉技術的應用程式,像「去演App」在認證時,必須進行臉部辨識,相關資料有沒有可能傳往中國資料庫,持續引發關注,有立委呼籲相關部門,必須慎防中國App的紅色滲透風險。
 
行政院資安處長簡宏偉表示:「對於手機(內建)的App,有NCC它會去做檢測。對於一般的App,是有經濟部這邊會去做檢測。屬於中國的這種App,在政府機關是不能用的。原則上,我們不能去限制說,民眾你可以用或不能用。我們會多去宣導,這些都有它的一些資安疑慮。」
 
政院指出,公務機關禁止使用中國開發的手機軟體,有疑慮的個人手機,無法連結公務環境;至於現行的資安檢測分散各部會,確實需要盤整,目前規劃新設的「數位發展部」就會整合這些業務,希望相關草案,能在新會期開議前後,送進立院。
 

九合一選舉指南