Hacker News new | past | comments | ask | show | jobs | submit login

There is no threat model for an iPhone app to do nefarious things in an App Store distributed app on a non-jailbroken phone. At most, FaceApp grabs the picture you uploaded and some minor meta-data that every app using an analytics tool (read: all of them) collects.

This is political grand-standing at best, and would be a non-issue if you replaced the geographic location of the dev team with any other countries

I get it, Russia is the Big-Bad-Boogeyman right now. But if you think for a second that a real attempt at counterintelligence would publicly come from such an obvious point of interest, than I have a bridge to sell you






By "non-jailbroken" you should mean "jailbreakable": it is the existence of the vulnerability that makes the phone insecure, not the user having used an exploit to leverage that vulnerability to do something for them. Like, for no avoidance of doubt: if you are running a version of iOS for which you can download an app-based jailbreak (which has been all jailbreaks for current phones that have been released for years now, all reliant on sandbox escapes), the issue is that the attacker jailbreaks your phone, not that you do; and also, to be explicit, as people also often confuse this, the code I would put in an app for a "back door" capable of letting me jailbreak remotely would not look like exploit code but would look like an innocent bug: maybe a vtable use after free bug on my stack while parsing a network response for which I knew the location of all the required ROP gadgets to exploit (put different "if you want to put a back door in software, just leave yourself a vulnerability you know how to exploit, and then claim you weren't evil, you were just bad at memory management or concurrency... like everyone else).

Just to be clear, you’re saying that FaceApp has a yet unfound component that lets them remotely jailbreak an otherwise un-jailbroken Phone via a published AppStore app? and that they’ve done this in the open on one of the most politically criticized apps short of Facebook?

1) I am saying that your assertion that "There is no threat model for an iPhone app to do nefarious things in an App Store distributed app on a non-jailbroken phone." is a misleading statement that is making a very broad and entirely inaccurate claim about something that I personally don't want anyone confused about (the safety of users jailbreaking their own phone, particularly on these newer devices where the jailbreak developer has very limited ability to mess with the sandbox).

However, 2) I would imagine the probability that FaceApp does not have a vulnerability in it somewhere is extremely low, as in my experience essentially every single app has security flaws in them; the problem in your mental model is that you think someone would "find" a "component" that would be a smoking gun of some form, whereas only an idiot would make a back door something other than a security vulnerability (as essentially every single app has security vulnerabilities). Were any placed there on purpose? No one would ever know.


The threat model is that this photo is shared with the Russian government and then the Russian government can match American citizens (or potentially people working in intelligence), and then using that in facial recognition programs. I.e. they can differentiate Americans (insert x country) from their own citizens and know who to watch more carefully.

This is a legitimate threat model. I'm not sure why you think it wouldn't be. Spies and others do use fake identities. The threat model is that there is that there is a way to determine who is faking their identities.


A picture, that has no good associated data about the user, is a real threat? Heaven forbid Russia figures out how to take pictures in public places

> A picture, that has no good associated data about the user

A picture is a username... Are you trying to say that your face isn't personal identifying identification (PII)? I'm not sure what your argument is here, because it can't be that. That argument would be absurd, so I'm sure I am misunderstanding.


If you read the (very brief) brief, it specifically mentions this mostly in regard to US politicians and public figures

Isn't the picture associated with a specific user? Even if the association wasn't 100% reliable that could still be a threat.

I am not a spy, but I imagine they have some sort of internal guidelines around uploading face pics and PII to random apps/websites

If you work for the government in any way they generally don't want you spreading around PII. Number one concern is that you can be blackmailed. So of course, the lower your informational footprint is the lower the threat model.

The photo is what's explicitly called out in the FBI complaint, with particular regard to how the photo is used and stored.

The funny thing to me is it nitpicks about the terms of service. Will a TOS prevent a foreign intelligence agency from using the data for nefarious purpose? That sounds silly.


This might have something to do with Russia banning the sale of smartphones without Russian apps today:

https://www.themoscowtimes.com/2019/12/02/russia-bans-iphone...

It's a tit-for-tat response, showing that if they want to make this a trade war, their companies will get hurt too. So yes, national grandstanding.

Edit: Wups, dates are wrong. This FBI release is from November 25, so the Russian law is likely in response to it, not vice versa. Still national grandstanding, but the idiot party isn't necessarily the Russians.


Are you sure Faceapp grabs only the photo you uploaded? “At most” implies it literally can’t grab more than that. But it seems like it can. It has access to all your photos, not just your camera.

Yes, I am sure that's all it can grab (on the iphone). Anyone telling you otherwise is fear-mongering

Edit: Obligatory “why are you booing me, I’m right?”


Why are you sure that’s all it can grab? That seems mistaken on a technical level. “Can’t” and “doesn’t” is an important distinction.

We have seen lots of examples of ad analytics SDKs that push the iPhone beyond its intended sandbox. Most of them have been banned, but some operated for years before getting banned. It would be a disservice to brush away those concerns as fearmongering.


By that logic, very app should be designated “a counterintelligence threat”



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: