Application Security & Online Fraud , Governance & Risk Management , Next-Generation Technologies & Secure Development
FaceApp Could Pose 'Counter-Intelligence Threat': FBI
Authorities Raise Concerns About Potential Russian Access to DataThe Federal Bureau of Investigation warns that the photo-editing app FaceApp and other applications developed in Russia could be a "potential counter-intelligence threat" to the U.S.
See Also: OnDemand | The Four Steps to Build a Modern Data Protection Platform
Responding to a letter from U.S. Senator Chuck Schumer, D-N.Y., the FBI categorizes FaceApp and other similar Russian apps as a potential threat to the U.S. because the apps store data and process scores of user's images and other device data.
A warning to share with your family & friends:
— Chuck Schumer (@SenSchumer) December 2, 2019
This year when millions were downloading #FaceApp, I asked the FBI if the app was safe.
Well, the FBI just responded.
And they told me any app or product developed in Russia like FaceApp is a potential counterintelligence threat. pic.twitter.com/ioMzpp2Xi5
"The FBI considers any mobile application or similar products developed in Russia, such as FaceApp, to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the government of Russia that permits access to data within Russia’s borders," the agency notes in a letter to the senator, which the lawmaker shared via Twitter.
Photo Editing App
Developed by Russian-based Wireless Labs, FaceApp uses artificial intelligence and facial recognition technologies to alter a photo to, for example, make a person look younger or older. FaceApp, which is downloadable from Apple Store and Google Play Store, has over 2 million Android installs, the FBI notes. FaceApp has publicly claimed that it removes most photos from its service 48 hours after submission, it adds.
In July, FaceApp was falsely accused of raiding individuals' photo libraries and uploading those photos to the cloud (see FaceApp's Real Score: A Mathematical Face Feature Set).
In a July letter to the FBI and the Federal Trade Commission, Schumer alleged that FaceApp could cause a "national security and privacy risks for millions of US citizens" and called for an investigating into the app's data usage.
Access to Data
FaceApp collects information about users' devices, cookies, log files, metadata and other contents that are shared between the user and the app, the FBI notes. The app collects users' photos and uploads them to cloud servers, which the company claims are hosted in the U.S, Singapore, Ireland, and Australia, the FBI states.
"Russia's intelligence service maintains robust cyber exploitation capabilities ... which allows the Russian Federal Security Service (FSB) to obtain telephonic and online communications via direct connection to internet service providers," the agency notes. "In other words, the FSB can remotely access all communications and servers on Russian networks without making a request to ISPs.”
FaceApp told TechCrunch in July that it discards most user photos within 48 hours despite its permissive privacy policy and said that no data was transferred to Russia. It also claimed that because users do not log in, the company cannot identify its users.