Russian FaceApp selfie-slurper poses 'potential counterintelligence threat', FBI warns

Feds tell senator that age-filter toy a possible security risk

By Shaun Nichols in San Francisco


Netizens who fire up FaceApp for fun may be unknowingly putting national security at risk, according to the FBI.

In a recent letter (PDF) to US Senator Charles Schumer (D-NY), the Feds said the Russia-based face-aging tool released to much fanfare this past summer could conceivably be used by the Kremlin for intelligence.

"The FBI considers any mobile application or similar product developed in Russia, such as FaceApp, to be a potential counterintelligence threat, based on the data product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia's borders," wrote Jill Tyson, assistant director of the FBI's office of congressional affairs.

Back when the app first hit it big in July of this year, there were questions about the way FaceApp handled the images users submitted to the service. FaceApp has countered that it only briefly collected the images (usually for less than 48 hours) for its internal testing and no data is actually stored in Russia.

Still, the FBI says, the broad terms of service, combined with the FSB's ability to directly pull data from any Russian ISP, mean that people who use the service could unwittingly be providing the Kremlin with intelligence.

Tempted to play with that Chinese Zao app for deep-fake frolics? Don't bother if you want to keep your privacy


"If the FBI assesses that elected officials, candidates, political campaigns, or political parties are targets of foreign influence operations involving FaceApp, the FBI would coordinate notifications, investigate, and engage the Foreign Influence Task Force, as appropriate," Tyson said.

The FBI's letter was in response to a request Schumer issued back in July asking both the Bureau and the FTC to look into FaceApp, noting that "it would be deeply troubling if the sensitive personal information of US citizens was provided to a hostile foreign power actively engaging in cyber hostilities against the United States."

Upon posting the FBI letter on Monday, Schumer said those fears were validated.

"This year when millions were downloading #FaceApp, I asked the FBI if the app was safe," Schumer tweeted.

"Well, the FBI just responded. And they told me any app or product developed in Russia like FaceApp is a potential counterintelligence threat." ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

Black Hat Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

FYI: FBI raiding NSA's global wiretap database to probe US peeps is probably illegal, unconstitutional, court says

Analysis A data silo we didn't know existed until a certain IT admin went rogue

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

Some concerned it hands too much power to too few

Remember the FBI's promise it wasn’t abusing the NSA’s data on US peeps? Well, guess what…

Turns out the Feds make the CIA and NSA actually look good

Mozilla locks nosy Avast, AVG extensions out of Firefox store amid row over web privacy

Add-ons accused of slurping every URL netizens visit

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...

Patch Tuesday Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now

FBI probing Uber over use of 'Hell' spyware to track rival biz Lyft

Beleaguered company says it's 'cooperating' with investigation

Mozilla expands bug bounty program and triples payouts for flaw finders for hire

But the big money's in Huawei's new (invite only) program

NSA to Congress: Our spy programs don’t work, aren’t used, or have gone wrong – now can you permanently reauthorize them?

Senators: Um, no.

We are shocked to learn oppressive authoritarian surveillance state China injects spyware into foreigners' smartphones

Border cops accused of loading tourists' mobiles up with snoop app in Muslim area


Delivering Instant Experiences: Optimizing the Performance, Cost and Capacity of Data-Driven Applications

The question is, how can you accelerate data processing to keep up with accelerating business demands for an instant experience? Get the answer to this question and more in this upcoming webinar hosted by The Register’s Elena Perez. With insight from Sheryl Sage, Director of Partner Marketing at Redis Labs, and Frank Ober, a Non-Volatile Memory Solutions Architect from Intel Corporation.

Integrating Threat Intelligence into Endpoint Security

While threat intelligence can transform an organization's security posture, it can also be complex and costly for organizations to adopt.

EMA Report: Network Detection and Response in the Cloud Comes of Age

"ExtraHop's new Reveal(x) Cloud SaaS offering for AWS takes the deployment burden away from AWS customers, enabling fast service provisioning and instant asset discovery, and providing threat detection, investigation, and response."

Detecting cyber attacks as a small to medium business

If security by obscurity is no longer an option, and inaction is a risk in itself, what can smaller enterprises do to protect themselves? Endpoint Detection and Response (EDR) solutions can go a long way towards minimising the level of threat, but they need to be chosen and used in the right way.