One constant of social media is that there is always a new fad for people to get excited about. One constant of cybersecurity is that there are always new ways for personal and company data to be breached.
The latest fad that has data security experts worried is Lensa AI and its Magic Avatars. You may have seen friends or family post a fantastical image of themselves that looks like it’s out of a game or movie. It was likely from Lensa.
The problem is that many people, including your employees, download these apps without thinking because they can’t resist joining in and having what everyone else has. But this can pose a big risk to data security.
You might think that the number one thing business owners and executives worry about when it comes to BYOD is a phone getting hacked or lost. But it’s not.
The top two concerns of surveyed business leaders when it comes to employee devices being used for work are:
Lensa checks those boxes due to its overreach of data collection and tracking capabilities. Next, we’ll go through what Lensa is and what you need to know about the app’s data privacy risk.
Lensa AI is a smartphone app that takes the photos a user uploads and uses AI to generate photo-realistic images called Magic Avatars. These computer-generated “selfies” put people in different fantasy backgrounds and look like an artist created them by hand.
The app recently became popular on social media and quickly spread like wildfire as people saw the pictures in their feeds and asked friends how they got them.
Lensa is owned by Prisma Labs, a U.S. company that was founded in 2016.
Lensa Magic Avatars. Image is from the Prisma Labs website
Now, let’s talk about the data privacy concerns of Lensa, of which, there are many.
Data leakage is when sensitive data is accidentally exposed. It’s different from a data breach in that it’s unintentional and not the result of a cyberattack. Data leaks often happen when employees don’t know any better and download apps on their work devices that collect data outside the app.
Users that upload images basically give those over to Lensa to use as it wishes. And if those photos are taken at work, this could cause an issue with anything sensitive caught in the background. The app requires users to upload between 10 to 20 photos to generate their avatars.
A section from the Lensa AI Terms that users agree to when downloading the app states:
“…solely for the purposes of operating or improving Lensa, you grant us a time-limited, revocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable, sub-licensable license to use, reproduce, modify, distribute, create derivative works of your User Content, without any additional compensation to you…”
This exposes any data from the device to a whole other level of risk. Some of these companies aren’t known for protecting the data of users or acting responsibly when it comes to transparent data collection.
For example, Meta is being sued by Facebook users that accuse the company of using a loophole on iOS devices for tracking user activity, even though they used Apple’s app restriction feature.
In 2018, Google Firebase had an incident where thousands of mobile applications on both Android and iOS exposed over 113 gigabytes of data from Firebase databases.
Lensa does allow this third-party tracking to be turned off, but that doesn’t keep the device protected from other forms of tracking done by the app itself. Plus, once data is leaked, you can’t undo the security harm. The genie is out of the bottle.
Haxxess can help your Northern Ontario business review your mobile device security to reduce the risk of data leakage that can cause compliance and data security issues.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.