"I just took a selfie..."
A story of facial images and personal information leaked through a fake beauty app

"I just took a photo to analyze my skin. After that, I started receiving strange text messages."
This story began with a beauty app user.
Camera-based features such as skin tone analysis, pore diagnosis, and makeup recommendations have become standard in beauty apps.
So this user installed the app without suspicion and took a selfie without hesitation.
The app screen was familiar, and the functions worked normally.
There was only one problem:
This app wasn't "real."
"It looks like a legitimate app, so what could be the problem?"
Investigation revealed that the app had not come from the official app store: it was a repackaged copy of a legitimate beauty app.
The icon was the same, the UI was the same, and the skin analysis flow was the same.
But something completely different was happening under the hood.
The Actual Problem
The fake beauty app worked as follows:
• A legitimate beauty app was repackaged and redistributed outside the official store.
• The face capture and profile input screens were copied unchanged.
• While the normal features ran, the user's facial images and profile data were sent in parallel to an external server.
From the user's perspective they had only granted camera access; in reality both their facial images and their personal information were being exfiltrated.
The damage was particularly severe because a face image is not simply a photograph. It can serve as a biometric identifier, and unlike a password it cannot be changed once it has leaked.
Where did the security breach occur?
The core of the problem was clear.
• Nothing verified that the installed app was the officially distributed build,
• and nothing verified that the face capture screen belonged to that build.
In other words, the biggest weakness was that "the moment you trusted the app, you handed over every permission."
Even a cautious user had no technical means of telling the two apps apart.
How was the defense implemented?
LIAPP – Detecting Counterfeit Apps (Repackaged Apps)
The first measure applied was LIAPP.
At app launch, LIAPP identifies builds that differ from the officially distributed app by checking:
• the app signature,
• the code structure, and
• resource integrity.
This allows it to:
• block the execution of repackaged fake apps,
• neutralize the fake face capture UI, and
• block all access from within the fake app environment.
Users can no longer take selfies within the fake app.
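The checks listed above (signature, distribution channel, resource integrity at launch) are what a repackaging check looks like in an Android app's own code. The following Kotlin is an added illustration written for this page, not LIAPP's code or the vendor's implementation; the package name, the pinned certificate and asset digests, and the protected asset file name are placeholders that a real build would fill in from its own keystore and build output.

```kotlin
package com.example.integrity // hypothetical package name

import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import java.security.MessageDigest

/**
 * Launch-time self-check against repackaging. Three independent signals:
 *  1. the APK is signed with the release certificate (a repackaged APK must be
 *     re-signed with the attacker's key, since they lack the release private key),
 *  2. the package was installed by the official store client,
 *  3. a shipped resource still hashes to the value recorded at build time.
 * Any mismatch means "this is not our build"; the caller then refuses to show the capture UI.
 */
object RepackagingCheck {

    // SHA-256 of the DER-encoded release signing certificate. Placeholder value:
    // record the real one from the release keystore at build time.
    private const val EXPECTED_CERT_SHA256 =
        "0000000000000000000000000000000000000000000000000000000000000000"

    // Hypothetical protected asset and its build-time SHA-256 (placeholder value).
    private const val PROTECTED_ASSET = "face_capture.json"
    private const val EXPECTED_ASSET_SHA256 =
        "1111111111111111111111111111111111111111111111111111111111111111"

    // Store clients allowed to have installed this app (Google Play's client package).
    private val TRUSTED_INSTALLERS = setOf("com.android.vending")

    private fun sha256Hex(bytes: ByteArray): String =
        MessageDigest.getInstance("SHA-256").digest(bytes).joinToString("") { "%02x".format(it) }

    /** Hex SHA-256 of every certificate currently used to sign the APK contents. */
    fun signerDigests(context: Context): List<String> {
        val pm = context.packageManager
        val signatures = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNING_CERTIFICATES)
                .signingInfo.apkContentsSigners
        } else {
            @Suppress("DEPRECATION")
            pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNATURES).signatures
        }
        return signatures.map { sha256Hex(it.toByteArray()) }
    }

    /** Exactly one signer, and it is the pinned release certificate. */
    fun hasExpectedSigner(context: Context): Boolean {
        val digests = signerDigests(context)
        return digests.size == 1 && digests[0].equals(EXPECTED_CERT_SHA256, ignoreCase = true)
    }

    /** Package that installed this app, or null when unknown (sideload, adb, backup restore). */
    fun installerPackage(context: Context): String? {
        val pm = context.packageManager
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            pm.getInstallSourceInfo(context.packageName).installingPackageName
        } else {
            @Suppress("DEPRECATION")
            pm.getInstallerPackageName(context.packageName)
        }
    }

    fun installedFromTrustedStore(context: Context): Boolean =
        installerPackage(context) in TRUSTED_INSTALLERS

    /** Resource integrity: the shipped asset still matches its build-time digest. */
    fun protectedAssetIntact(context: Context): Boolean {
        val bytes = context.assets.open(PROTECTED_ASSET).use { it.readBytes() }
        return sha256Hex(bytes).equals(EXPECTED_ASSET_SHA256, ignoreCase = true)
    }

    /** Call before inflating the face-capture screen; false means do not expose the camera flow. */
    fun isGenuineBuild(context: Context): Boolean =
        hasExpectedSigner(context) && installedFromTrustedStore(context) && protectedAssetIntact(context)
}
```

Two caveats a practitioner would want. First, a check that lives inside the APK runs in code the repackager already controls, so a patient attacker can patch it out; this is why commercial protections of the kind described on this page obfuscate and self-protect the check, and why the strongest form of the same idea moves verification off the device, for example through a server-side attestation such as the Play Integrity API. Second, the installer check will reject legitimate installs from other app stores and from enterprise deployment, so the set of trusted installers has to match the app's real distribution channels.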
LIKEY – Personal Information Input Protection
Protection also had to cover the names, contact details, and profile information the app collects, not only facial images.
LIKEY:
• provided a secure keypad for profile information entry, and
• neutralized keylogger-based theft of what the user types.
This protects entered data from being captured by other software on the device, even while the legitimate app is running.
What changed after that?
The changes following the security measures were clear:
• Immediately blocked access attempts to fake beauty apps
• Stopped leaks of facial images and personal information
• Relieved user anxiety
• Restored brand trust
The most important change was this: A shift from the "user must be careful" approach to the "app must protect the user."
Lessons from this case
In beauty apps, facial data isn't simply a functional element.
Facial data isn't just a "photo," it's "personal information."
Therefore, the following are crucial:
• Verify the authenticity of the app first
• Ensure the capture screen and the captured image have not been tampered with
• Protect input information at all times
No matter how good a feature is, it can't be used without trust.
The starting point for beauty app security is "verification of authenticity," not functionality.
Tags: #BeautyAppSecurity #FakeAppWarning #FakeApp #PersonalInformationLeakage #FacialInformationProtection #PrivacySecurity #MobileSecurity #AppForgery #RepackagedApp #SelfieSecurity #CameraPermissions #MobileAppSecurity #SecurityCases #ITSecurityStory #SecurityTrends #LIAPP #LISS #LIKEY