Remember the viral app that aged you? FBI slams FaceApp as counterintelligence threat

Novelty may have a hidden, nefarious purpose, the FBI has cautioned.

Spyware on your smartphone: How to deal with it Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it is closer to home.

When FaceApp went viral over summer and our social media feeds were filled to the brim with delighted users showing how the app predicted they will look in their twilight years, privacy issues soon surfaced. 

Some critics raised the idea of countless users feeding into a massive dataset that could be used for surveillance, facial recognition purposes, or deepfake technology, whereas others highlighted that the app's terms of service decreed everything from user IPs to cookie data and activity logs may be sold to advertising companies. The app's origins in Russia also raised red flags. 

We've seen how an online quirky, or fun service, can be abused to strip us of our privacy -- just ask Facebook, considering the Cambridge Analytica scandal that revolved around personality quizzes. 

See also: These malicious Android apps will only strike when you move your smartphone

In all honesty, merely using social media is far more of a risk to our overall data and privacy than one app would ever likely pose. However, the FBI has investigated FaceApp, which launched in 2017 but did not rise to fame until 2019 with the #AgeChallenge viral movement, and decreed that the age-changing application is a "counterintelligence threat."

In July, Democrat US Senator Chuck Schumer wrote to the FBI and the US Federal Trade Commission (FTC) expressing concerns over FaceApp. On November 25, the agency responded and the letter was posted on Twitter by Schumer on Monday. 

FaceApp's terms of service and end-user license agreement lay out how information including analytics, cookies, log file information, device identifiers, and metadata, are uploaded to cloud services, and previously, the app maker has said most photos are deleted from its servers 48 hours after submission. 

Nothing, so far, seems that out of the ordinary in a world where user data is a valuable resource to advertisers. However, the FBI believes that the app's connection to Russia "is a potential counterintelligence threat based on the product data it collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia's borders."

TechRepublic: Synack's Trust Report uses Attacker Resistance Score to rate cybersecurity defenses

These mechanisms also require ISPs to be able to block Internet connections and traffic, thereby potentially separating Russian Internet users from the rest of the global network. 

CNET: TikTok accused of secretly gathering user data and sending it to China

FaceApp has previously denied that user data crosses over Russian borders, "even though the core R&D team is located in Russia."

"If the FBI assesses that elected officials, candidates, political campaigns, or political parties are targets of foreign influence operations involving FaceApp, the FBI would coordinate notifications, investigate, and engage the Foreign Influence Task Force, as appropriate," the letter noted. 

Russia has previously drawn criticisms following allegations of meddling in the US Presidential election, running troll farms designed to spread propaganda and spread political dissent, and being a country that is constantly launching cyberattacks. 

President Vladimir Putin recently signed new legislation demanding that all mobile devices, computers and smart TVs sold in the country come with Russian apps, a move resisted by foreign manufacturers. 

ZDNet has reached out to FaceApp but has not heard back at the time of publication. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0