Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Russia's top tech giant is harvesting data from millions of iOS users

Yandex on a smartphone. Credit: SEO Journal

Russian search engine company and advertising firm Yandex may be harvesting data from millions of iOS users and sending it to Russia, a new report claims.

Yandex — said to be the Russian version of Google — maintains a search engine, advertising tools, and other services. Its services include the AppMetrica API, which many developers use as an easy way to obtain analytics data for their app.

According to a new report from The Financial Times, security researcher Zach Edwards has discovered that Yandex analytics code is embedded in 52,000 apps on Apple and Google software. From there, it's reportedly reached "hundreds of millions of consumers."

Yandex acknowledged that data collected through its API and other services gets sent to Russian servers. It noted that it had a "very strict" process for dealing with government requests for data, which includes turning out any requests that don't comply with "relevant procedural and legal requirements."

However, security experts warn that once data is stored in Russia, there's little Yandex can do to stop the Russian government from obtaining it.

Additionally, some of the data that the Yandex API collects includes metadata that can be used to identify users.

"For people with a high-threat profile or working in high-profile jobs, using apps that send this data to Moscow is dangerous and can potentially lead to attacks on home networks or other forms of digital surveillance," said Edwards, the security researcher who discovered the code's prevalence.

The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.

Yandex defended its tool, likening it to similar development kits provided by Google and others. It also noted that it has "never given out any information on users of any apps with AppMetrica installed on them, nor have we ever been asked to."

Apple, for its part, says that the AppMetrica API can be stopped with its own App Tracking Transparency technology.



16 Comments

BiggieTall 4 Years · 19 comments

 The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.”

Name names please

🎁
diz_geek 12 Years · 57 comments

“ The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.”

Name names please

I know…. At least a few would be good!  I’d want to do a bit of an audit on my device…

🌟
mac_dog 16 Years · 1084 comments

How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 

Where will our government draw the line, I wonder? Data theft is ok if it’s domestic, I’m guessing. 
/s

🎄
DAalseth 6 Years · 3071 comments

The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps.

I hope it's not Nord VPN. I have another year on my contract.

🍪
rob53 13 Years · 3315 comments

Does Apple’s App Tracking Transparency technology actually stop it during the app review stage or when an app actually runs? If the ladder does it actually stop it or can it be circumvented? With the current events I hope Apple is proactive and challenges app developers use of this api. 

It really isn’t any different than Google and Facebooks use of their servers to steal my personal data but it would be nice if the App Store identified where data actually goes.