By Shereen Siewert

FaceApp, the viral app that allows users to upload photos of their faces and have them automatically edited to look like their future selves, is under fire amid concerns that the Russia-based company that owns the app could be misusing the photos.

Democratic Sen. Chuck Schumer has called for a federal investigation into the company over what he says are potential security and privacy risks to millions of Americans who use the app, which by Wednesday had topped Apple’s and Google’s download charts.

“It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States,” Schumer said in a letter to the FBI and the Federal Trade Commission. “I ask that the FTC consider whether there are adequate safeguards in place to prevent the privacy of Americans using this application, including government personnel and military service members, from being compromised.”

FaceApp uses artificial intelligence software to automatically alter the photos in seconds. More than 80 million users have reportedly accessed the app since its 2017 release. Concerns focus around a questionable clause in the app, which can access, store and use images from your camera roll, without your permission.

The app’s terms of service say users grant the company a “perpetual, irrevocable . . . [and] worldwide” license to use a user’s photos, name or likeness in practically any way it sees fit.

Under those terms, if a user deletes content from the app, FaceApp can still store and use it. FaceApp also says it can’t guarantee that users’ data or information is secure and that the company can share user information with other companies and third-party advertisers, which aren’t disclosed in the privacy terms.

“This novelty is not without risk: FaceApp was developed by Russians,” DNC security chief Bob Lord wrote in the alert to campaigns, which was first reported by CNN. “It’s not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks. … If you or any of your staff have already used the app, we recommend that they delete the app immediately.”

But the app uploads people’s photos to the “cloud” of servers run by Amazon and Google, the company said, meaning deleting the app would likely make no difference on how the photos are used. In its privacy terms, the company said it can collect any of a user’s uploaded photos as well as data on the user’s visited websites and other information.

The app is owned by the St. Petersburg-based Wireless Lab. The company claims that “most images are deleted from our servers within 48 hours from the upload date.”