The FaceApp app has gone viral over the last day or so, especially on Twitter, with people sharing pics of themselves, and others, as they’ll look when they get old.

The pics are fun, the viral nature harmless, but there are a few questions:

• How does FaceApp gain access to your photos even if you mark access to your photo library as “Never”?
• Does FaceApp upload those photos to their servers? And what happens to those photos after FaceApp hands you back your aged version?

Matthew Panzarino does a great job exploring and explaining these issues. Personally, I think someone at FaceApp should lay all this bare in a blog post, avoid turning all this viral exposure into a black eye.

One point Matthew makes that stands out to me:

While the app does indeed let you pick a single photo without giving it access to your photo library, this is actually 100% allowed by an Apple API introduced in iOS 11. It allows a developer to let a user pick one single photo from a system dialog to let the app work on.

An app can let you pick out a single photo, even if you mark access to photos as Never. This strikes me as a decision made long before privacy was even a consideration, left in place over the years as privacy moved to the forefront.

As Panzarino points out, maybe it’s time to reconsider that option.