In May 2022, a new profile picture application, officially named “NewProfilePic Picture Editor” on the Apple Store and “New Profile Picture: Profile Picture” on the Google Play Store, topped the mobile charts with hundreds of thousands of downloads. As people posted images from this new app, mobile software that uses artificial intelligence to create profile pictures that look like they’ve been painted over, posts began circulating on social media claiming this app amounted to some sort of Russian malware.
Is the new profile picture app stealing data?
One person shared a screenshot of the requested app permissions and wrote: “DO NOT DOWNLOAD the NEW PROFILE PIC.COM app, it takes all your info and sends it to Moscow !!!!!!!”
The permissions listed in the image above are not uncommon compared to many popular mobile apps. When we compared the content of this screenshot to other top apps, such as TikTok, WhatsApp, and Instagram, we found that it’s not uncommon to ask users for permission to “receive data from the internet” and “have full network access”. People should definitely be aware that they are giving companies this level of access when downloading their apps. That said, New Profile Pic’s permissions are not anomalous.
Is the New Profile Pic app based in Russia?
New Profile Pic was created by a mobile development group called Informe Laboratories, Inc., and copyrighted by Linerock Investments LTD, as listed in the Google and Apple app stores. These companies are also behind the popular apps Photo Lab Photo Editing & Art and ToonMe – Cartoons From Photos, two apps that collectively have millions of reviews, the vast majority of which are five stars.
The Google and Apple app stores list the developer’s location as Tortola in the British Virgin Islands.
The claim that this app is associated with Russia or the Kremlin was based on screenshots that allegedly show that the website newprofilepic.com was registered in Moscow.
When we searched this domain on May 11th, our results showed that this website was registered in Florida. We contacted Linerock Investments for more information, and a spokesman told us that the domain was actually previously registered in Moscow because the company’s founder had lived there. However, the spokesperson said that person had moved, so the company changed the domain registration address “to avoid confusion.”
The spokesperson said via email:
It is true that the domain was registered under the Moscow address. This is the former Moscow address of the company’s founder. He currently does not live in the Russian Federation. The address has now been changed to avoid confusion.
This app comes from a British Virgin Islands company that employs an international team of developers, some of whom are based in Russia. The spokesperson said:
We are a BVI company. Our application is developed by an international team with development offices in Russia, Ukraine and Belarus.
The Daily Mail reported that this app was developed by a company “overlooking the Moscow River three miles from Red Square,” implying a connection between this app and the Kremlin. When we questioned Linerock about this claim made by The Daily Mail, the spokesman told us that the outlet was referring to an address of lawyers who had registered the company in Moscow, not the company itself. The spokesman said:
The Moscow River address is the address of the lawyers who registered the company. We never had an office there.
A blog post on Linerock’s pho.to website gives a longer response to the rumours. The company explained that it uses Amazon AWS and Microsoft Azure servers located in the United States, and that no images or user data are sent to Moscow:
However, the app’s popularity has a downside. Britain’s Daily Mail published an article today claiming that NewProfilePic is likely to “spy on your data and send it to Moscow” because the app “was developed by a Moscow-based tech company”. 🙈
Again, we cannot help but recall the double of “Bangladeshi History”. All we can do is patiently explain that all our apps (including NewProfilePic) are NOT a threat. We are a BVI company with development offices in Russia, Ukraine and Belarus. However, your photos (or any other data) will NOT be sent to Moscow. All of our applications are server based and user images are uploaded to Amazon AWS/Microsoft Azure servers located in the United States. This is necessary to apply all the fancy effects generated by AI technologies.
Does this app steal money?
Another popular social media rumor has it that people have had money withdrawn from their bank accounts shortly after downloading this app. This is an example:
We could neither confirm nor deny that this actually happened. Furthermore, many details about these claims are unknown. (Was it a subscription? Was the money refunded? Did the user provide the app with credit card information?)
We’ve reached out to Google, Apple, and the user who posted the message shown above, and we’ll update this article when more information becomes available. A spokesman for the app told us that while the screenshots showing the charges may be real, they aren’t from the New Profile Pic app because the app is “totally free and contains no in-app purchases,” and, it says, does not require user payment information.
The spokesperson said app stores are full of apps with the same name, some offering subscriptions or in-app purchases. It’s possible, according to the spokesperson, that users accidentally used one of these similar apps and were charged for that service. The spokesperson told Snopes:
Because all photos shared on social media have our #NewProfilePic logo, people use the App Store search to find the app. If you check the search results, you’ll see other apps with fairly similar titles. And some of them have in-app purchases. It is misleading and some users download multiple apps to get the effect and in some cases they can activate the trial via paywall. You simply delete the app afterwards (which doesn’t stop the subscription) and you’ll be charged after the trial expires. The fees are currently not triggered by our apps, but by competitors.
Is the new profile picture app safe to use?
In conclusion, the claim that this application is unusually invasive is false. The requested app permissions are similar to other mainstream apps. The claim that this app steals data for the Kremlin is also unfounded. This app was developed by a British Virgin Islands company using a team of international developers, some of whom live in Russia. Finally, claims that users of this app have had funds withdrawn from their bank accounts are unfounded to date.
It is also worth remembering that this app is not from a new company and New Profile Pic is not their first app. ToonMe and Photo Lab, two of the developer’s other apps, have over 150 million installs on Google Play. Both apps have been around for years, and we are not aware of any reports of them being used to steal money from bank accounts or leak user data to the Kremlin.
A spokesperson for the app told us, “The NewProfilePic app does not store any user accounts or personal information. … This app is safe for humans to use.”