This week, the FBI had a message for Americans cooped up in quarantine. It decided to jump on the home fitness bandwagon to promote its app, the imaginatively named “FBI’s Physical Fitness Test App”, that lets you “learn what it’s like to train like an agent”.
The tweet provoked many raised eyebrows, with people quick to point out the extensive permissions required if you download it on an Android device, including precise location data, shared data storage, access to your full network, network connections, WiFi connections, and call history.
The app has actually been around since 2018, and privacy experts told CNBC at the time that the FBI’s privacy policies made it difficult to determine exactly what data the app collects. The FBI has predictably denied any untowardness, writing to Motherboard, “The app does not gather or save any personal information other than what you select for your profile. This information is stored solely on your phone, and it is not transmitted to, or saved by, the FBI”.
Regardless, the recent tweet provoked warnings and articles advising against downloading the app on privacy grounds. But there is one simple yet compelling reason that the fitness app may actually be benign. “The FBI doesn’t need an app like this on your phone to get your stuff,” points out Ross Anderson, professor of security engineering at Cambridge University. “They have cool tools and wide powers to get access to the lot – go read the Snowden papers.”
The disconcerting truth is that the FBI doesn’t need anything as lo-fi as a leaky app to snatch your data, because it has the most powerful online surveillance tools in the world at its disposal. The Snowden leaks revealed the scale of both “upstream” (internet cable-intercepting) and “downstream” (from internet companies) data hoovering by the NSA.
To illustrate this with a comparison, the Israeli hacking technology firm NSO Group sold spyware that allowed “zero-click” hacking of the encrypted messaging service WhatsApp. If this technology is for sale on the global stage, then it’s likely well within the reach of the FBI. In fact, it’s been noted that part of NSO Group’s business model is putting this calibre of surveillance tech at the fingertips of nation states with less finely tuned capabilities.
Not that there isn’t precedent for fearing apps. ToTok, a popular chat app in the United Arab Emirates, turned out to be a spying tool used by the government to track its users, according to a New York Times report. But in the FBI’s case, if it wanted your data, it has far more sophisticated ways to get it.