Over the summer, a mobile app called FaceApp briefly took the Internet and the mobile world by storm with a face-aging feature that let any user take a selfie and immediately see what they'd look like when they're old.
As it caught fire, the app became a popular topic in the news, and on Instagram, Twitter, and Facebook feeds were overrun with pictures of aging friends.
While all of that was happening, Democrat Senator Chuck Schumer of New York wondered whether the app's developer, Wireless Lab, which resides in Russia, posed a problem.
It took a few months, but today he received the answer he perhaps didn't want to receive.
"A warning to share with your family & friends: This year when millions were downloading FaceApp, I asked the FBI if the app was safe," Schumer tweeted Monday afternoon. "Well, the FBI just responded. And they told me any app or product developed in Russia like FaceApp is a potential counterintelligence threat."
Schumer's tweet accompanied a letter from the FBI in which it didn't necessarily call FaceApp a counterintelligence threat, but did say that, like all other Russian apps, it could pose problems.
"Russia's intelligence services maintain robust cyber exploitation capabilities as evidenced by, for example, Russia's surveillance system, the System of Operative Search Measures, which allows the Russian Federal Security Service (FSB) to obtain telephonic and online communications via direct communication to Internet service providers (ISP)," the FBI wrote. "In other words, the FSB can remotely access all communications and servers on Russian networks without making a request to ISPs."
That's a potential problem for anyone in Russia, let alone an app developer. The FBI noted in the letter to Sen. Schumer that the company "removes most of its photos from its servers 48 hours after submission." The agency also said that it stores, "according to FaceApp," its data in the United States, Singapore, Ireland, and Australia. But as long as someone is in Russia, where anything from user credentials to cloud servers to their own traffic, can be intercepted, anything can happen.
The fear over FaceApp's Russia connection has been floated before (and prompted Schumer to send the letter). In July, some security researchers questioned why FaceApp analyzes and modifies images for its aging algorithm in the cloud. No one said for sure, however, whether the Russian government could in some way use FaceApp's data.
In response to those questions, FaceApp told a writer at Forbes that the company doesn't "sell or share any user data with any third parties." The company added that using cloud servers for its images improves the app's overall functionality.
FaceApp isn't alone in raising concerns. TikTok, the wildly popular video social network, has also attracted U.S. lawmaker attention because its developer, ByteDance, is based in China. Like FaceApp developer Wireless Lab, however, ByteDance says it doesn't work on behalf of a foreign government.
Any way you look at it, what's clear is that geopolitical tensions can have real impact on companies and their users all over the world. If the FBI is correct, those tensions might also put Americans at risk of finding themselves a target of a threatening foreign government.
Who knew selfies and five-second videos could be so controversial?