The popular photo-editing application PhotoYu has come under public scrutiny after concerns surfaced over its data collection practices. The app reportedly requests extensive permissions — including access to the camera, location, and device information — raising eyebrows among users and experts who believe such access is unnecessary for a photo-editing app.
While the developer insists that the data is used solely to enhance the app’s artificial intelligence (AI) features, the issue has reignited a broader discussion about how much data AI-powered apps should be allowed to collect, and the importance of transparency in protecting digital privacy.
Rapid Growth, Rising Privacy Concerns
Over the past few months, PhotoYu has emerged as one of Indonesia’s most downloaded photo-editing applications, surpassing 5 million downloads. It offers various AI-driven tools such as auto-enhance, face retouching, and smart background removal.
However, users have raised concerns over the app’s intrusive permission requests. Some reported that the app continued accessing data even when inactive, prompting questions about how much user information was actually being gathered behind the scenes.
A report by the Cyber Privacy Watch Indonesia (CPWI) claimed that PhotoYu collects metadata from images, including geolocation and device usage patterns—information that could be used to build behavioral profiles of users.
Developer Clarifies, But Public Skepticism Persists
In response, the PhotoYu development team stated that the collected data is only used to improve AI accuracy and enhance user experience. They emphasized that no personal data is sold or shared with third parties without explicit user consent.
Despite the clarification, digital privacy experts remain unconvinced. They argue that users have the right to know how data is stored, how long it’s kept, and what purposes it serves.
“In the world of AI, data is the fuel,” said Ahmad Fadli, a cybersecurity researcher at the University of Indonesia. “But that doesn’t mean companies can collect everything without limits. Transparency builds trust — especially when facial data and biometric information are involved.”
The AI App Boom and the Privacy Dilemma
PhotoYu’s controversy adds to the growing list of AI-based applications criticized for privacy violations. Similar concerns were raised in the past with popular apps such as FaceApp and Remini, which also relied on facial data to train algorithms.
This reflects the growing dilemma of the digital age: innovation versus privacy.
On one hand, AI offers convenience and personalization. On the other, users often grant excessive permissions without realizing the potential risks.
According to a We Are Social 2025 report, 84% of Indonesian internet users admitted they’ve allowed app access without reading privacy policies. The statistic highlights a pressing need for stronger digital literacy and awareness of personal data rights.
Regulation Still Catching Up
Indonesia’s Personal Data Protection Law (Law No. 27 of 2022) serves as the country’s main legal framework for data protection. Yet, enforcement remains inconsistent — especially against international app developers operating in the Indonesian market.
Independent audits and verifications of app privacy policies are still rare, leaving loopholes that developers can exploit. Many apps include vague clauses in their terms and conditions that allow extensive data collection with minimal oversight.
Experts emphasize the need for collaboration between regulators, developers, and users to build a secure digital ecosystem that balances innovation with accountability.
How Users Can Stay Safe
Protecting privacy isn’t just the responsibility of governments or companies — users also play a key role.
Some recommended steps include:
- Review app permissions before installation.
- Only download official versions from verified app stores.
- Avoid uploading sensitive documents or personal photos to unverified platforms.
- Enable two-factor authentication (2FA) whenever possible.
These small but vital habits can help users maintain control over their personal information in an increasingly connected digital world.
The Bigger Picture: Privacy as Digital Investment
The PhotoYu incident reminds us that behind every convenience offered by AI lies the responsibility to protect user trust.
Innovation must go hand in hand with ethics and transparency. True digital trust can only flourish when users feel confident that their data and identity are secure.
This is where secure digital verification systems play a crucial role — ensuring identity validation without exposing sensitive personal information.
Solutions like Beeza empower organizations and institutions to strengthen digital trust through integrated identity verification, e-KYC, and document authentication technologies.
In today’s hyper-digital world, data protection is no longer optional — it’s foundational.
Protect your users, your data, and your reputation.
Discover secure identity verification and digital safety solutions at 👉 beeza.id