But you should know by now that not all apps are what they seem. For example, a viral FaceApp that millions of people used to make them look older had serious privacy flaws. Similarly, a new mobile app making the rounds also takes liberties with your data. Read on to see what this app is capable of and what you can do about it.

Here’s the backstory

If you have spent time recently on Instagram or Twitter, you undoubtedly would have come across the seemingly painted portraits of some users’ profile pictures. The app that many have used to turn dreary photos into beautiful sketches is NewProfilePic Picture Editor. It’s available for free on iOS and Android and uses artificial intelligence to render photos. So how bad can an app be that takes your images and turns them into sketches? According to the U.K’s Daily Mail, the app harvests your information and sends it to Russia. The links to Russia stem from findings that the parent company, Linerock Investments Ltd, is registered in Moscow. It also has one director based in Moscow with customer support offices in Russia, Ukraine and Belarus. The developer, pho.to, lists the British Virgin Islands as the governing country of the Terms of Service. According to the developer’s privacy policy, it collects:

Your nameEmail addressUser nameSocial network informationData about the devices you useMetadata linked to your content

It adds that “we may also obtain information from other companies and combine that with the information we collect on the Services.” Essentially, it can contact data brokers to build a complete marketing profile on you. The developer is also responsible for other mobile apps like ToonMe, Emolfi, Visage Lab and Ask AI for Instagram.

What you can do about it

Is there a legitimate reason to fear any company that has links to Russia in light of what’s happening in Ukraine? No matter the circumstances, everyone should be careful of an app that requires that much information, regardless of where it is based. “This app is likely a way of capturing people’s faces in high resolution, and I would question any app wanting this amount of data, especially one which is largely unheard of,” ESET security explained. Here are some tips to stay safe online:

Carefully read the Privacy Policy and Terms of Service on every app. It will explain what information it collects and where it’s going.If you don’t agree with anything in the documentation, stop using the app and delete it from your phone.Only download mobile apps from official app stores, and never download apps from third-party libraries.If you are concerned about your details leaking, create a burner email address for apps and services. Tap or click here to learn how to create a burner email.Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

The world complains about these consoles, mobiles and laptops the most Was your info exposed in the latest mobile breach? Here’s how to get free identity theft protection