Are Apps Like Lensa AI Putting Your Data Security at Risk?

One constant of social media is that there is always a new fad for people to get excited about. One constant of cybersecurity is that there are always new ways for personal and company data to be breached.

The latest fad that has data security experts worried is Lensa AI and its Magic Avatars. You may have seen friends or family post a fantastical image of themselves that looks like it’s out of a game or movie. It was likely from Lensa. 

The problem is that many people, including your employees, download these apps without thinking because they can’t resist joining in and having what everyone else has. But this can pose a big risk to data security.

You might think that the number one thing business owners and executives worry about when it comes to BYOD is a phone getting hacked or lost. But it’s not.

The top two concerns of surveyed business leaders when it comes to employee devices being used for work are:

  1. Data leakage from users downloading unsafe apps or content (63%)
  2. Users downloading unsafe apps or content (57%)

Lensa checks those boxes due to its overreach of data collection and tracking capabilities. Next, we’ll go through what Lensa is and what you need to know about the app’s data privacy risk.

What Is Lensa AI & Magic Avatars?

Lensa AI is a smartphone app that takes the photos a user uploads and uses AI to generate photo-realistic images called Magic Avatars. These computer-generated “selfies” put people in different fantasy backgrounds and look like an artist created them by hand.

The app recently became popular on social media and quickly spread like wildfire as people saw the pictures in their feeds and asked friends how they got them. 

Lensa is owned by Prisma Labs, a U.S. company that was founded in 2016. 

Lensa Magic Avatars. Image is from the Prisma Labs website

Why You Need to Beware of Employees Adding the Lensa App to a Work Device

Now, let’s talk about the data privacy concerns of Lensa, of which there are many.

Data Collection Outside the App

Data leakage is when sensitive data is accidentally exposed. It’s different from a data breach in that it’s unintentional and not the result of a cyberattack. Data leaks often happen when employees don’t know any better and download apps on their work devices that collect data outside the app.

Apps like Lensa grab all sorts of data from user devices, like tentacles reaching out to scrape whatever may be useful for advertising purposes. Lensa’s Privacy Policy notes that the following types of data are collected by the app.

  • User content (such as the images you upload, your name, email, etc.)
  • Device information (such as your IP address, the device’s unique identifier, OS, and mobile network information)
  • Lensa usage details
  • Through third-party analytics tools like Google Firebase, Meta, and others, it collects details outside the Lensa app:
    • Websites you visit
    • Purchases
    • App usage
    • Geo data
    • And more

Loss of Rights to Images

Users who upload images basically give those over to Lensa to use as it wishes. And if those photos are taken at work, this could cause an issue with anything sensitive caught in the background. The app requires users to upload between 10 and 20 photos to generate their avatars.

A section from the Lensa AI Terms that users agree to when downloading the app states:

“…solely for the purposes of operating or improving Lensa, you grant us a time-limited, revocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable, sub-licensable license to use, reproduce, modify, distribute, create derivative works of your User Content, without any additional compensation to you…”

The Use of Third-Party Trackers

Lensa’s privacy policy notes that it uses third-party analytics tools for data collection purposes. The tools listed on its policy are:

  • Google Firebase
  • Meta
  • AppsFlyer
  • Amplitude

This exposes any data from the device to a whole other level of risk. Some of these companies aren’t known for protecting the data of users or acting responsibly when it comes to transparent data collection.

For example, Meta is being sued by Facebook users who accuse the company of using a loophole on iOS devices to track user activity, even though the users had used Apple’s app restriction feature.

In 2018, Google Firebase had an incident where thousands of mobile applications on both Android and iOS exposed over 113 gigabytes of data from Firebase databases.

Lensa does allow this third-party tracking to be turned off, but that doesn’t keep the device protected from other forms of tracking done by the app itself. Plus, once data is leaked, you can’t undo the security harm. The genie is out of the bottle.

Improve Mobile Device Security with Help from Haxxess

Haxxess can help your Northern Ontario business review your mobile device security to reduce the risk of data leakage that can cause compliance and data security issues.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
