Russian software collects personal information from over 50,000 apps

An application development kit offered for free by Yandex, the Russian tech giant, collects information that is then stored on Russian servers. The proximity between the company and the Kremlin calls into question the end use of this data.

Your personal data is likely to end up on Russian servers. On Tuesday, March 29, the British daily newspaper Financial Times reported that tens of thousands of applications have been developed using software that collects information about users. The IT tool is provided by Yandex, a Russian search engine that is Google’s main competitor in that country. The recovered data is then stored on servers in Russia and Finland.

The Financial Times relied on research by data scientist Zach Edwards, who stumbled upon the Yandex code while working on an app as part of an audit campaign for the nonprofit Me2B Alliance. Subsequently, the British daily called on four independent experts to check her work.

Yandex offers an SDK (Sotfware Development Kit), a software “development kit” for applications called AppMetrica. This SDK allows applications to integrate core functionality: mapping, payment service, notification system, etc. Yandex software is attractive to developers because it is offered free of charge in exchange for access to user data, which facilitates targeted advertising. Other companies such as Google also offer similar services.

For further

In the grip of the Kremlin

AppMetrica’s “open access” makes it one of the most used tools on the market, with 36% of apps on Google Play using the SDK and 11% on the App Store, according to Appfigures. Services offered include video games, messaging apps, and virtual private networks (VPNs) for tracking the web without being tracked. According to the Financial Times, seven VPN applications are offered specifically for the Ukrainian audience. In general, applications installed hundreds of millions of times will be affected.

While information gathering is now part of every internet user’s daily routine, it raises more questions when famously private data ends up in the hands of a reputable company close to the Kremlin.

Yandex is considered the technology champion in Russia. The Russian search engine, rare enough to be underlined, opposes Google in its home country and retains a 45% market share against the California giant’s 51%, according to StatCounter. The Moscow-based company doesn’t stop at simple navigation as it shines in the local market with all new digital uses: home delivery, VTC, e-commerce, online video service…

Yandex’s ambitions are not limited to its borders, as the Russian giant offers its VTC services in several countries of the former Soviet bloc. In April 2021, the group traveled to France with Yango Deli, an express shopping service.

Russian software collects personal information from over 50,000 apps
Source: appfigures

The reality of the Russian regime is catching up with Yandex in this country, where it is difficult to reach that size without reporting to the Kremlin. In 2009, the government required the tech giant to integrate Russian decision makers before the company was listed on the stock market. Since 2016, the group has been required to remove political content deemed inappropriate. Roskomnadzor (Russian Cnil). More recently, on March 1, Lev Gershenzon, a former employee of Yandex-News, posted a letter on Facebook in which he almost accused his former colleagues of complicity with the Russian state by hiding military news.

Applications for Ukraine

Therefore, the Financial Times revelations are bad for the tech giant. Yandex admits to British journalists that its software collects information about device, network and IP address “which are stored” both in Finland and in Russia “but he called this data” non-personalized and very limited “. The group states: While theoretically possible, in practice it is extremely difficult to identify users based solely on the information collected. Yandex will definitely not be able to“.

The company said it only collects data after the app has obtained consent from users through the Android and iOS apps. Except that specifically from the moment you accept the general terms of the application, the data is potentially recovered by AppMetrica.

Several companies have decided to abandon the software after Russia invaded Ukraine. “ We decided to stop using Russian services when the war started This was reported to the Financial Times by a representative of the company Gismart, which produces dozens of games with AppMetrica installed. Opera, a browser with a built-in VPN option, has also said it has disabled the SDK since February 15th.

Russian software collects personal information from over 50,000 apps
The terms of use of the application “Call Ukraine” states that // Source: BB

Vice versa, more than 2,000 applications have added the AppMetrica SDK since the invasion of Ukraine on a daily basis. Some of them were aimed directly at the Ukrainian population. Among them is Call Ukraine, a messaging service launched on the Play Store on March 10. Once the terms are accepted, the app retrieves information about its user and their phone contacts. The email address in case of concern is in Russia: [email protected] As with many other Russian services, the dilemma of their use now arises.

For further

Marines, Marine Cyber ​​Command, January 2022 // Source: Jacob Osborne.

Leave a Comment