Application Security & Online Fraud , Governance & Risk Management , Next-Generation Technologies & Secure Development

FaceApp Could Pose 'Counter-Intelligence Threat': FBI

Authorities Raise Concerns About Potential Russian Access to Data
FaceApp Could Pose 'Counter-Intelligence Threat': FBI

The Federal Bureau of Investigation warns that the photo-editing app FaceApp and other applications developed in Russia could be a "potential counter-intelligence threat" to the U.S.

See Also: OnDemand | Navigating the Cyber Landscape: 5 Insights for Strengthening Cybersecurity Hygiene

Responding to a letter from U.S. Senator Chuck Schumer, D-N.Y., the FBI categorizes FaceApp and other similar Russian apps as a potential threat to the U.S. because the apps store data and process scores of user's images and other device data.

"The FBI considers any mobile application or similar products developed in Russia, such as FaceApp, to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the government of Russia that permits access to data within Russia’s borders," the agency notes in a letter to the senator, which the lawmaker shared via Twitter.

Photo Editing App

Developed by Russian-based Wireless Labs, FaceApp uses artificial intelligence and facial recognition technologies to alter a photo to, for example, make a person look younger or older. FaceApp, which is downloadable from Apple Store and Google Play Store, has over 2 million Android installs, the FBI notes. FaceApp has publicly claimed that it removes most photos from its service 48 hours after submission, it adds.

In July, FaceApp was falsely accused of raiding individuals' photo libraries and uploading those photos to the cloud (see FaceApp's Real Score: A Mathematical Face Feature Set).

In a July letter to the FBI and the Federal Trade Commission, Schumer alleged that FaceApp could cause a "national security and privacy risks for millions of US citizens" and called for an investigating into the app's data usage.

Access to Data

FaceApp collects information about users' devices, cookies, log files, metadata and other contents that are shared between the user and the app, the FBI notes. The app collects users' photos and uploads them to cloud servers, which the company claims are hosted in the U.S, Singapore, Ireland, and Australia, the FBI states.

"Russia's intelligence service maintains robust cyber exploitation capabilities ... which allows the Russian Federal Security Service (FSB) to obtain telephonic and online communications via direct connection to internet service providers," the agency notes. "In other words, the FSB can remotely access all communications and servers on Russian networks without making a request to ISPs.”

FaceApp told TechCrunch in July that it discards most user photos within 48 hours despite its permissive privacy policy and said that no data was transferred to Russia. It also claimed that because users do not log in, the company cannot identify its users.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.