FBI assesses Russian apps may be counterintelligence threat

Written by

All mobile apps developed by Russian entities may be counterintelligence threats to the United States, the FBI has assessed in a letter sent to the Senate’s minority leader.

“The FBI considers any mobile application or similar product developed in Russia … to be a potential counterintelligence threat, based on the data the product collects, its privacy and terms of use policies, and the legal mechanisms available to the Government of Russia that permit access to data within Russia’s borders,” Jill Tyson, the assistant director for the FBI’s office of congressional affairs, wrote in a letter to Sen. Chuck Schumer, D-NY, that CyberScoop obtained.

The bureau’s concerns about Russian counterintelligence operations come in response to an inquiry Schumer sent to the FBI this summer about whether Americans’ data on FaceApp was being provided to the Kremlin.

The FBI has assessed that the Russian photo-aging app, which became a viral sensation earlier this year, is among possible counterintelligence threats, according to the letter.

“In light of FBI’s warning that FaceApp, and similar applications developed in Russia, poses a potential counterintelligence threat to the United States, I strongly urge all Americans to consider deleting apps like FaceApp immediately and proceed with extreme caution when downloading apps developed in hostile foreign countries,” Schumer said. “The personal data FaceApp collects from a user’s device could end up in the hands of Russian intelligence services.”

The contents of the letter were first reported by Bloomberg News.

Legal constraints in Russia

Of particular concern to the FBI is the legal framework around government access to data in Russia — which has rapidly evolving guardrails. Russia’s laws on data were updated as recently as Monday, when Russian President Vladimir Putin signed legislation mandating Russian apps and software come pre-installed on all smartphones, computers, and smart TVs sold in Russia. That law will go into effect next summer.

Just last month, a Russian law that allows greater control of and access to information online, known as the “sovereign internet” law, went into effect as well. It affords the Russian government more control of internet activity, and specifically compels internet service providers to install software that allows the government to filter and track internet traffic.

“Russia’s intelligence services maintain robust cyber exploitation capabilities as evidenced by, for example, Russia’s surveillance system, the System of Operative Search Measures, which allows the Russian Federal Security Service (FSB) to obtain telephonic and online communications via direct connection to internet service providers (ISP),” Tyson writes. “In other words, the FSB can remotely access all communications and servers on Russian networks without making a request to ISPs.”

The FBI is also taking note of terms of use and privacy policies of Russian apps. FaceApp’s privacy policy, for its part, notes it may obtain users’ location information. The app may also provide information in its app in response to legal requests from outside of the United States.

Read the letter below: