Popular app Voila AI introduces risks for cartoonified users, says security firm

The cartoon effects are not done on your phone but by uploading your image to the internet.
The cartoon effects are not done on your phone but by uploading your image to the internet Photo credit: Getty Images

Chances are you or someone in your network has recently used the viral Voila AI Artist app to convert a photo of them to a Pixar-style cartoon, Renaissance painting or caricature.

But how many people are aware there might be a privacy risk in doing so? Or exactly what data you are providing to the developers?

Voila has largely positive ratings across both Apple's App Store and the Google Play store and brands itself as "a special little app that turns your photos into stunning pieces of art", offering "limitless fun".

While there may not be any obvious red flags, Check Point Software has highlighted that the app sends all pictures to its servers for processing which, combined with user identification details, could result in users being vulnerable in the event of a cyber attack.

"Most users likely assume that the processing of the Voila app is done locally on their phone. This is not the case," Yaniv Balmas, head of cyber research, said.

"When a face photo is sent to the company's server, the app includes unique installation IDs that were generated by Google Play.

"While this fact is mentioned in the company's privacy policy, the possibility for misuse of the data opens up," he said.

"We have no way of telling if the company is doing anything illegal or malicious, but I do think it's important for new users to be aware of the inherent risks in sending content to servers for processing."

The developers, Wemagine.aI, link to the company's privacy policy in its app store listings and CPR notes their initial analysis found the company was legitimately registered and used encrypted traffic for all data.

But there may still be other risks associated with what's provided, says popular fact-checking website Snopes, including disclosure of your data to contractors and third parties as defined by Wemagine.ai.

Personally identifiable data such as usage data, cookies, browser information, phone models and purchase history can also be transferred outside of a user's home country and into areas where data protection laws differ.

"The security of your data is important to us but remember that no method of transmission over the internet or method of electronic storage is 100 percent secure," Wemagine.ai's privacy policy states.

"While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security."

Ultimately, the risk lies with the person choosing to use the app and accepting the privacy policy - and that applies to other apps.

"Security risks associated with data collection are inherent in many applications," Snopes concluded.

 "Though the company that operates Voila aI artist Cartoon Photo collects data from individual users, it is not yet known to what extent these pose security risks that are unique from other data-collecting applications."