How Secure Is BeReal?

BeReal was a late entry into the social media game but an increasingly popular one. The app — which lets users post just once daily at random times — has quickly gained steam for its contrast against highly curated, filtered Instagram and Facebook feeds. However, it gives some security experts pause.

Privacy is an issue with most social networks, but BeReal stands apart from the rest. The very things that make the platform unique also pose new challenges to security.

BeReal’s Privacy Features

Before diving into BeReal’s privacy issues, it’s important to review its security features and protocols. These can reveal what the platform does to ensure users’ privacy, putting its potential downsides in context.

BeReal’s privacy policy outlines six rights users have over their information on the site. These include being able to access what third parties the site shares data with, receive a copy of that data, and request its correction. Users can also restrict access from integrations, limit who can see their posts, deactivate time and location settings and disable features that bring up old posts.

As of this article’s writing, BeReal has yet to experience a public data breach, which many other social platforms cannot say. However, that doesn’t necessarily mean the site has more advanced security features than others. It hasn’t been around or garnered as many users as others, either, so breaches could happen in the future.

Privacy Issues With BeReal

Despite the lack of a major breach in the app’s history, BeReal has some significant privacy shortcomings. Users must be aware of these to take more control over their security.

Accidentally Revealing Information

The biggest issue with BeReal lies within the site’s main selling point. When users upload on BeReal, it takes a picture with both cameras, showing the environment around someone as well as their face. While that’s great for promoting authenticity, it makes it easy to accidentally reveal sensitive information.

If someone takes a BeReal selfie in front of their computer, whatever’s on their monitor will become publicly accessible. Other users could look at that to glean personal information about the original poster. They could then use that information for credential stuffing or to form more effective phishing attempts — the most common type of cybercrime today.

This accidental data leakage grows even more concerning when considering users taking pictures at work. Employees could reveal trade secrets or sensitive customer information, leading to significant legal fallout.

Similarly, users may unintentionally jeopardize the privacy of those around them. People in front of a user taking a selfie may not realize they’ll be in the picture, too. Users could then post them or any personal information on their screens without their knowledge or consent.

Extensive Data Collection

BeReal’s data collection policies are also less than perfect. Most social media sites collect and share more information than users realize, and BeReal is no exception. According to its privacy policy, it stores names, locations, birth dates, IP addresses, phone numbers, web activity and more.

After collecting all of this potentially sensitive data, BeReal stores it for a considerable period. The site keeps many data categories for up to two years and reserves the right to hold onto some information indefinitely. In many cases, the only way to delete this data is for users to delete their entire account.

Specifics about how BeReal protects this data aren’t publicly available, but they say authorized employees can access it. Depending on their internal controls, that could expose this information to breaches from employee error. Over half of data breaches come from weak credentials, so something as simple as a poor password could grant an attacker access to all this data.

Weak Default Controls

Like any social media site, BeReal lets users customize their settings to improve their privacy. However, the platform’s defaults are the least secure option. Even though users can change these settings, having to take the extra step to do so can be enough to dissuade them from it.

Geolocation is a prime example. The site automatically uses location services and shares locations when users post as part of its mission statement of authenticity. While sharing this information does promote openness, that openness reveals more data to potential attackers than users may be comfortable with.

Some users may not realize they can disable geolocation or restrict who can see their posts. As a result, many may accept a lower standard of privacy out of convenience or lack of understanding.

How to Use BeReal Safely

These security shortcomings are significant, but many aren’t unique to BeReal, either. All social media involves some amount of sacrificed privacy, but with the right approach, users can enjoy it safely. BeReal is the same.

Look Around Before Taking a Picture

The most important step in using BeReal safely is to be aware of one’s surroundings when posting. Users should look at what’s behind and in front of them to ensure nothing sensitive is in the shot. If users are in front of a computer screen, especially at work, they should turn it off before taking a picture.

It’s also best to review pictures before posting them to ensure they didn’t accidentally capture anything sensitive. Users can see how many retakes a user took before posting, but BeReal won’t save the pictures themselves, apart from the final upload. If users want to be extra safe, they can clear their cache after retaking pictures but before uploading.

Know Your Rights and Controls

Next, users should familiarize themselves with BeReal’s privacy policy and the options it gives them. Changing defaults to disable geolocation and restricting post visibility to only friends are good first steps. Opting out of data-sharing with third parties and integrated apps is also another recommended action.

If any information BeReal asks for is optional, it’s best not to share it. The less users share, the less they have to lose in a data breach. That step is a good rule of thumb for any web service, not just BeReal.

BeReal Presents Significant Risks If Used Improperly

BeReal’s extensive data collection, weak defaults, and high risks of accidentally capturing sensitive information can pose serious risks. However, if users are aware of these shortcomings and consider them when posting, they can use the site safely.

Compared to other social media sites, BeReal may be slightly less private because of the nature of its posts, but it’s not necessarily dangerous. As long as people know to check their surroundings and adjust their settings, the app doesn’t have to be a risk.