‘Russia’s Google’ Yandex Sending User Data to Country, May Share Information with Government


A report from today warns that Russian tech company Yandex is sending user data from millions of iOS app users to Russia. Yandex is known as “Russia’s Google,” and the data is sent whether or not you use the company’s apps. Current laws in Russia may sway the company toward making the information available to the government.

Yandex Obtains User Information

Data you have in a wide array of third-party apps may potentially be taken by Yandex. This is because developers use tools created by the company. Yandex provides data analytics through its software development kit (SDK), AppMetrica. This saves developers both time and money, though the company gets copies of the data in return.

The Financial Times has reported that the code was discovered by security researcher Zach Edwards. Edwards made the discovery during an app auditing campaign for the non-profit Me2B Alliance. After the discovery, four independent experts hired by The Financial Times verified the work.

Yandex has confirmed that it is collecting user data and sending it to Russian servers. However, the company claims that it is “extremely hard to identify users” based on the information collected. Experts warn otherwise. Cher Scarlett, former principal software engineer in global security at Apple, stated that once the information is on Russian servers, Yandex may need to submit to local laws and hand over the information. Additionally, experts state that the metadata Yandex is collecting may identify individual users.

Yandex has also received harsh criticism for censorship of the news during the current Russia and Ukraine conflict. The company’s former head of news recently urged ex-colleagues to quit the company. Several board members have officially resigned due to Western sanctions.

AppMetrica’s Reach Unknown

The scope of AppMetrica’s reach is currently unknown, though it is likely vast. Games, messaging apps, location-sharing tools and VPNs made by developers can all use Yandex’s data analytics. Seven VPNs designed specifically for Ukrainian citizens show signs of AppMetrica. According to app intelligence group Appfigures, total installs of apps that include AppMetrica are in the hundreds of millions.

Some app developers have recently removed AppMetrica from their apps. Additionally, the web browser Opera has stated that it disabled Yandex’s software development kit, and that it will soon prepare for its full removal.

 
