Data-harvesting code in mobile apps sends user data to “Russia’s Google”

Kirill Kudryavtsev | fake images

Russia’s largest internet company has embedded code into applications found on mobile devices that allows information about millions of users to be sent to servers located in their country of origin.

The disclosure relates to software created by Yandex that allows developers to create apps for devices running Apple’s iOS and Google’s Android, systems that run the vast majority of the world’s smartphones.

Yandex collects user data collected from mobile phones before sending the information to servers in Russia. Researchers have raised concerns that the Kremlin could access the same “metadata” and use it to track people through their mobile phones.

Researcher Zach Edwards first discovered the Yandex code as part of an app audit campaign for the Me2B Alliance, a nonprofit organization. Four independent experts conducted tests for the Financial Times to verify his work.

Yandex has acknowledged that its software collects “device, network, and IP address” information that is stored “in both Finland and Russia,” but called this information “non-personalized and very limited.” He added: “Although theoretically possible, in practice it is extremely difficult to identify users based solely on the information collected. Yandex definitely can’t do this.”

The revelations come at a critical time for Yandex, often known as “Russia’s Google,” which has long tried to chart an independent path without falling for Russian President Vladimir Putin’s desire for greater control of the Internet.

The company said it followed a “very strict” internal process when dealing with governments: “Any request that does not meet all relevant legal and procedural requirements is rejected.”

But Cher Scarlett, a former senior software engineer in global security at Apple, said that once user information is collected on Russian servers, Yandex could be forced to send it to the government based on local laws. Other experts said metadata of the kind collected by Yandex could be used to identify users.

Ron Wyden, chairman of the US Senate finance committee and one of the architects of US internet regulation, slammed Google and Apple for not doing enough to protect smartphones from Yandex software. , which has found its way into 52,000 apps reaching hundreds of millions of consumers

“These apps extract private and sensitive data from apps on your phone, threatening US national security and the privacy of Americans and others around the world,” he said.

Yandex is considered a global tech giant and is listed on the New York Stock Exchange and is majority owned by US funds. It is incorporated in Amsterdam and the founder Arkady Volozh lives in Israel. In 2019, the company reached an agreement with the Russian government, codifying a structure that ensures Moscow can intervene in some issues such as foreign acquisitions without control of day-to-day operations.

Leave a Comment