FBI: FaceApp Potential Spy Risk

Written by

The FBI has confirmed to a US senator that the popular mobile application FaceApp could be a counter-intelligence risk because of its Russian developers.

The app — which uses AI to transform the faces of users to make them look older, change gender and so on — leapt to fame earlier this year when the #FaceAppChallenge started trending.

It was said that the title, which was created by St Petersburg-based Wireless Labs in 2017, has access to the facial images of over 150 million users globally.

Security experts warned at the time that the app requests access to all of a user’s photos, not just the ones they want to manipulate using its tech. It also demands access to the smartphone’s search and Siri functions and background refreshes.

That was a problem for New York senator Chuck Schumer, who asked the FBI to investigate whether FaceApp posed a national security risk by potentially providing the data it harvests to Russian authorities.

Although the app’s makers say photos are uploaded only to cloud datacenters located in the US, Singapore, Ireland and Australia, and that most photos are removed from its servers 48 hours after submission, concerns persist.

The Bureau responded in a letter published by Schumer on Monday that any mobile app or similar product produced in Russia would be considered a potential counter-intelligence threat “based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the government of Russia that permit access to data within Russia’s borders.”

It said Russia’s fearsome Federal Security Service (FSB) can remotely access “all communications and servers” on networks in the country without the need to submit formal requests to ISPs.

“If the FBI assesses that elected officials, candidates, political campaigns, or political parties are targets of foreign influence operations involving FaceApp, the FBI would coordinate notifications, investigate, and engage the Foreign Influence Task Force, as appropriate,” the letter stated.

What’s hot on Infosecurity Magazine?