Back in 2017, the Russian startup faced backlash for adding filters that changed users' ethnicity, with people criticizing the feature for being a form of "digital blackface." The company ended up pulling the filters. The app recently enjoyed a resurgence in popularity for rolling out a filter that ages people's faces quite convincingly. However, it eventually came out that the app uploads photos to the cloud without making it clear to users that it's not processing selfies locally on their devices.
In his letter addressed to the FBI and the FTC, Senator Schumer said the app could pose "national security and privacy risks for millions of US citizens" due to its irrevocable data access requirement. "In particular," he wrote, "FaceApp's location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments."
Schumer is now asking the FBI to assess whether the personal data US citizens are uploading to the app is finding its way into the hands of Russian authorities. In addition, he's asking the FTC to consider whether there's a way to prevent Americans, especially government and military personnel, from using the app. If that's not possible, he's asking the FTC for help to make the public aware of the risks associated with using the application.
Reuters said, however, that there's no evidence FaceApp is providing user data to the Russian government. The company told TechCrunch that it only uploads the photos users wants to edit -- it "never transfer[s] any other images from the phone to the cloud." It admitted that it might store a user's photo in the cloud in case they want to edit it repeatedly, but that it deletes "most images" from its server within 48 hours. Further, it denies that it even transfers user information to Russia, telling the publication that its cloud-based processing uses Amazon Web Services and Google Cloud.
Most importantly, FaceApp stressed that it doesn't have access to most users' data. Apparently, 99 percent of the people who use it don't even log in. It's giving users a way to send in data removal requests even if that's the case: people simply have to go Settings > Support > Report a bug and send a message with the word "privacy" in the subject line.
While it's not yet clear if the FBI and the FBI will launch an investigation, the Democratic National Committee is already taking precautionary measures. The committee warned its 2020 presidential candidates against using the app in an effort to prevent the security ordeal it faced in 2016 from happening again.