This is political grand-standing at best, and would be a non-issue if you replaced the geographic location of the dev team with any other countries
I get it, Russia is the Big-Bad-Boogeyman right now. But if you think for a second that a real attempt at counterintelligence would publicly come from such an obvious point of interest, than I have a bridge to sell you
However, 2) I would imagine the probability that FaceApp does not have a vulnerability in it somewhere is extremely low, as in my experience essentially every single app has security flaws in them; the problem in your mental model is that you think someone would "find" a "component" that would be a smoking gun of some form, whereas only an idiot would make a back door something other than a security vulnerability (as essentially every single app has security vulnerabilities). Were any placed there on purpose? No one would ever know.
This is a legitimate threat model. I'm not sure why you think it wouldn't be. Spies and others do use fake identities. The threat model is that there is that there is a way to determine who is faking their identities.
A picture is a username... Are you trying to say that your face isn't personal identifying identification (PII)? I'm not sure what your argument is here, because it can't be that. That argument would be absurd, so I'm sure I am misunderstanding.
The funny thing to me is it nitpicks about the terms of service. Will a TOS prevent a foreign intelligence agency from using the data for nefarious purpose? That sounds silly.
It's a tit-for-tat response, showing that if they want to make this a trade war, their companies will get hurt too. So yes, national grandstanding.
Edit: Wups, dates are wrong. This FBI release is from November 25, so the Russian law is likely in response to it, not vice versa. Still national grandstanding, but the idiot party isn't necessarily the Russians.
Edit: Obligatory “why are you booing me, I’m right?”
We have seen lots of examples of ad analytics SDKs that push the iPhone beyond its intended sandbox. Most of them have been banned, but some operated for years before getting banned. It would be a disservice to brush away those concerns as fearmongering.