Over the summer, social media platforms were inundated with images of just about everyone you know looking unusually old or like an attractive member of the opposite sex. This was all thanks to an extremely popular smartphone application called “FaceApp.”

Despite first being launched in 2017, the app became a massive hit in recent months, spending a fair amount of time in the top spot in lists of free applications for both Apple and Android devices. However, despite the good time seemingly being had by all, it wasn’t long before people started asking hard questions about how data transmitted through FaceApp was being stored… and what it could eventually be used for.

FaceApp, it turned out, is a Russian developed and based application. This means that every image you uploaded into the facial recognition software could have been relayed to Russian servers before being sent back to your phone with some added wrinkles. The terms of service that came with the application did little to assuage concerns that the images could find a permanent home in Russian hard drives for use in whatever they are deemed fit.

If you aren’t particularly concerned about Ivan hanging on to  your selfies, you should know that the app worked by recording biometric data about you (the specifics of your facial structure); and that the terms of service you agree to when using the app also allow the company (or other Russian affiliates) to use your likeness, username, and even real name for commercial purposes.

Of course, this isn’t entirely unusual in this era of smartphone applications — but FaceApp’s servers are parked in the same nation that has been repeatedly caught attempting to meddle in far more than elections. In recent years, Russia’s digital endeavors have branched far and wide: from promoting anti-Vaxxer messaging, stoking racial conflicts in American cities, and even causing outrage toward both genders over “manspreading” on subways.

Remember that viral video of a woman pouring bleach on “manspreaders” riding the subway? It helped stoke rage between men and feminists everywhere… and was also paid for by the Kremlin.

In most mainstream media outlets, Russia’s digital manipulation efforts may only enter the conversation regarding the 2016 election cycle, but the truth is that Russia isn’t in Trump’s corner — they’re in their own: The greatest success they’ve achieved in decades has been planting the seeds of dissent throughout the American population. In short, Russia wants us to tear each other apart because this makes us weaker on the geopolitical stage… and in case you haven’t noticed, that sounds an awful lot like what’s been happening as of late.

So, it was with these very concerns that Senate Minority Leader Chuck Schumer wrote to the FBI in July, expressing his fears about the widespread use of the Russian app, before urging 2020 Democratic candidates not to participate in the fad. On November 25, the FBI responded to Schumer’s letter, specifying that the Bureau considers “any mobile application or similar product developed in Russia, such as FaceApp, to be a significant counterintelligence threat.”

As the FBI points out in its letter, Russian officials don’t need to be involved in FaceApp’s business to gain access to all of the data collected and transmitted by the application: By Russian law, the Russian Federal Security Service (FSB) can access any and all such data without the need for pesky things like just cause or a warrant. In Russia, the FSB reserves the right (and capability) to remotely access all communications and servers on Russian networks without even having to notify the internet service providers, companies, or end users. In other words, even if FaceApp and its creators are entirely on the level, that doesn’t stop the Russian government from using everything it can glean from your cell phone (and the cell phones of millions of other Americans) for anything they see fit. The data isn’t going anywhere, so Russia can spend as long as they’d like finding creative ways to leverage it.

It’s worth noting that FaceApp claims that they do not transfer data to Russian servers, despite being based in Russia. They also claim to delete all information and data “shortly” after its use; but they contradict this statement by offering people to request to have their data deleted.