Russia's top tech giant is harvesting data from millions of iOS users

Russian search engine company and advertising firm Yandex may be harvesting data from millions of iOS users and sending it to Russia, a new report claims.

Yandex on a smartphone. Credit: SEO Journal


Yandex -- said to be the Russian version of Google -- maintains a search engine, advertising tools, and other services. Its services include the AppMetrica API, which many developers use as an easy way to obtain analytics data for their app.

According to a new report from The Financial Times, security researcher Zach Edwards has discovered that Yandex analytics code is embedded in 52,000 apps on Apple and Google software. From there, it's reportedly reached "hundreds of millions of consumers."

Yandex acknowledged that data collected through its API and other services gets sent to Russian servers. It noted that it had a "very strict" process for dealing with government requests for data, which includes turning down any requests that don't comply with "relevant procedural and legal requirements."

However, security experts warn that once data is stored in Russia, there's little Yandex can do to stop the Russian government from obtaining it.

Additionally, some of the data that the Yandex API collects includes metadata that can be used to identify users.

"For people with a high-threat profile or working in high-profile jobs, using apps that send this data to Moscow is dangerous and can potentially lead to attacks on home networks or other forms of digital surveillance," said Edwards, the security researcher who discovered the code's prevalence.

The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.

Yandex defended its tool, likening it to similar development kits provided by Google and others. It also noted that it has "never given out any information on users of any apps with AppMetrica installed on them, nor have we ever been asked to."

Apple, for its part, says that the AppMetrica API can be stopped with its own App Tracking Transparency technology.


Comments

  • Reply 1 of 16
    “The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.”

    Name names please
  • Reply 2 of 16
    “ The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. Total downloads of apps with the API reach the hundreds of millions.”

    Name names please
    I know…. At least a few would be good!  I’d want to do a bit of an audit on my device…
  • Reply 3 of 16
    mac_dog Posts: 1,083 member
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 

    Where will our government draw the line, I wonder? Data theft is ok if it’s domestic, I’m guessing. 
    /s
  • Reply 4 of 16
    DAalseth Posts: 2,954 member
    The apps that use the AppMetrica API include games, messaging services, location-sharing tools, and "hundreds" of virtual private network (VPN) apps.

    I hope it's not Nord VPN. I have another year on my contract.

  • Reply 5 of 16
    rob53 Posts: 3,282 member
    Does Apple’s App Tracking Transparency technology actually stop it during the app review stage or when an app actually runs? If the latter, does it actually stop it or can it be circumvented? With the current events I hope Apple is proactive and challenges app developers’ use of this API.

    It really isn’t any different than Google and Facebook’s use of their servers to steal my personal data but it would be nice if the App Store identified where data actually goes.
  • Reply 6 of 16
    22july2013 Posts: 3,687 member
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
  • Reply 7 of 16
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    Who are you? Unless you are a dissident, why would China government care about you? You are just a nameless little guy to them, useless!
  • Reply 8 of 16
    22july2013 Posts: 3,687 member
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    Who are you? Unless you are a dissident, why would China government care about you? You are just a nameless little guy to them, useless!
    Just wow.
  • Reply 9 of 16
    welshdog Posts: 1,906 member
    rob53 said:
    Does Apple’s App Tracking Transparency technology actually stop it during the app review stage or when an app actually runs? If the latter, does it actually stop it or can it be circumvented? With the current events I hope Apple is proactive and challenges app developers’ use of this API.
    Yeah how do we set this up? Also, will it be possible for someone to make a list of apps using AppMetrica? I long ago blocked any connection to Yandex with Little Snitch on my Mac. I use Proton VPN on my iPhone, are they using AppMetrica?

    In my lifetime and the lifetimes of many others before, one truism stands above all others:
    Never trust the Russians.
  • Reply 10 of 16
    rob53 said:

    It really isn’t any different than Google and Facebook’s use of their servers to steal my personal data but it would be nice if the App Store identified where data actually goes.
    Actually, there’s a huge difference between this and Facebook and Google. If you sign up for, and/or use Facebook or Google, you know your data is being harvested by them. You also know how to stop this from happening-you stop using Facebook and Google. We have no idea at the moment which apps may be using Yandex to harvest our data, and it may be a little harder to ditch some of those apps once we find out which they are.
    edited March 2022
  • Reply 11 of 16
    gatorguy Posts: 24,564 member
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    "Do you still beat your wife?"

    Google doesn't sell user data, so the question itself is without merit.
  • Reply 12 of 16
    badmonk Posts: 1,326 member
    I do think something is up and the strange Verizon message hack, I suspect, is a result of this Russian data harvesting.  I may be wrong but my spidey sense is primed….

    Do not click links in text messages that come from your own phone number
  • Reply 13 of 16
    22july2013 Posts: 3,687 member
    gatorguy said:
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    "Do you still beat your wife?"

    Google doesn't sell user data, so the question itself is without merit.
    I recommend you educate yourself, for example: 
    Even though companies like Facebook and Google aren’t directly selling your data, they are using it for targeted advertising, which creates plenty of opportunities for advertisers to pay and get your personal information in return.
    The simplest way is through an ad that links to a website with its own trackers embedded, which can gather information on visitors including their IP address and their device IDs. 
    Advertising companies are quick to point out that they sell ads, not data, but don’t disclose that clicking on these ads often results in a website collecting personal data. In other words, you can easily give away your information to companies that have paid to get an ad in front of you.
    ...
    “You can say, ‘Hey, Google, I want a list of people ages 18–35 who watched the Super Bowl last year.’ They won’t give you that list, but they will let you serve ads to all those people,” Cyphers said. “Some of those people will click on those ads, and you can pretty easily figure out who those people are. You can buy data, in a sense, that way.” 


  • Reply 14 of 16
    gatorguy Posts: 24,564 member
    gatorguy said:
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    "Do you still beat your wife?"

    Google doesn't sell user data, so the question itself is without merit.
    I recommend you educate yourself, for example: 
    Even though companies like Facebook and Google aren’t directly selling your data, they are using it for targeted advertising, which creates plenty of opportunities for advertisers to pay and get your personal information in return.
    The simplest way is through an ad that links to a website with its own trackers embedded, which can gather information on visitors including their IP address and their device IDs. 
    Advertising companies are quick to point out that they sell ads, not data, but don’t disclose that clicking on these ads often results in a website collecting personal data. In other words, you can easily give away your information to companies that have paid to get an ad in front of you.
    ...
    “You can say, ‘Hey, Google, I want a list of people ages 18–35 who watched the Super Bowl last year.’ They won’t give you that list, but they will let you serve ads to all those people,” Cyphers said. “Some of those people will click on those ads, and you can pretty easily figure out who those people are. You can buy data, in a sense, that way.” 


    I said the same thing as your source does: Google doesn't sell user data. They don't even share user data outside of Google themselves*, especially so with advertisers as that would be stupid business practice that would eventually put them out of business. So how do you think Russian and Chinese shell companies could buy user data as you say they can?  Give me a source that proves it, and if there isn't one perhaps say, "Gosh GG, it looks like you're right, they don't sell user data". 


    * Google and Apple have identical disclosures of the special instances where user data may leave their possession. Neither company would profit from doing so in those for the most part legally-mandated exceptions.  

    edited March 2022
  • Reply 15 of 16
    crowley Posts: 10,453 member
    gatorguy said:
    gatorguy said:
    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    "Do you still beat your wife?"

    Google doesn't sell user data, so the question itself is without merit.
    I recommend you educate yourself, for example: 
    Even though companies like Facebook and Google aren’t directly selling your data, they are using it for targeted advertising, which creates plenty of opportunities for advertisers to pay and get your personal information in return.
    The simplest way is through an ad that links to a website with its own trackers embedded, which can gather information on visitors including their IP address and their device IDs. 
    Advertising companies are quick to point out that they sell ads, not data, but don’t disclose that clicking on these ads often results in a website collecting personal data. In other words, you can easily give away your information to companies that have paid to get an ad in front of you.
    ...
    “You can say, ‘Hey, Google, I want a list of people ages 18–35 who watched the Super Bowl last year.’ They won’t give you that list, but they will let you serve ads to all those people,” Cyphers said. “Some of those people will click on those ads, and you can pretty easily figure out who those people are. You can buy data, in a sense, that way.” 


    I said the same thing as your source does: Google doesn't sell user data. They don't even share user data outside of Google themselves*, especially so with advertisers as that would be stupid business practice that would eventually put them out of business. So how do you think Russian and Chinese shell companies could buy user data as you say they can?  Give me a source that proves it, and if there isn't one perhaps say, "Gosh GG, it looks like you're right, they don't sell user data". 


    * Google and Apple have identical disclosures of the special instances where user data may leave their possession. Neither company would profit from doing so in those for the most part legally-mandated exceptions.  

    Wow, what a faceplant from dateface.
    edited March 2022
  • Reply 16 of 16
    ——————————————

    mac_dog said:
    How is this any different than the means google and Facebook or “Meta” (stupid name) collect our data, then sell to the highest bidder? 
    I wonder if governments like China and Russia create shell companies and buy data from "legitimate" companies like FaceBook or Google. If so, I don't really blame FaceBook/Google for directly "aiding the enemy," but it sure looks bad on them, and will cost them business if they are caught. How carefully do they vet data purchasers?
    Who are you? Unless you are a dissident, why would China government care about you? You are just a nameless little guy to them, useless!
    ——————————————

    Some people don’t want all their personal info/email addresses/social media accounts/links to random old embarrassing posts, accounts, etc from when they were younger that they can’t gain access to in order to delete sold to data brokers.

    And it’s not just “Russia or China” though they are probably also collecting it to use against us based on social & psychological profiling that allows them to turn everyone against each other. Most of those who buy & sell our personal information, searches, god knows what else is being collected are usually US based(not all but the big data brokers are) because that’s where the privacy laws are the most lax.

    Not only can some of that stuff be dangerous to the safety of many people by ACTUAL “dissidents”/extremists who may or may not live close to them & therefore show up on people search sites that include a list(with LINKS) to all a person’s neighbors (including those who are put in danger by all their personal details, etc being bought & sold with no regulation in the actual states where extremists are in the majority)  should they (or their buddies, etc) look THEM up, but it’s rife for identity theft. Name/birthdate/physical address(with map included right there on many sites), social profiles, OLD profiles that TONS of people need removed yet can’t be accessed because google refuses to delete YouTube channels one can no longer access, or allow gmail accounts that are needed for OTHER accounts to be accessed by speaking to a real Google employee so one can PROVE ownership by various means that “self-recovery” of accounts do not have any option for whatsoever/cars, properties, etc you own/jobs(current & previous)/etc, etc(some of which are beyond intrusive), & only more personal information will keep becoming available because of data mining by companies, apps, etc that they sell to other companies who sell to others until (if not directly from the initial company/app/whatever) it falls into the hands of data brokers…… these things are gold for identity thieves.

    These things also put lives in danger in many parts of the United States… some WAY more than others. One doesn’t have to BE someone who is breaking the law. They only need be at risk from those people who ARE… or those who live where the law doesn’t protect them at all.

    California(& 1 or 2 other states to a lesser extent) has SOME protections that allow individuals to access, request their file along with where the data came from, and request removal of the file. The rest have nothing. You can opt out but there are so many of these sites and you’d spend every minute trying to manually get all the information removed just to have to do it all over again over and over because as soon as they buy more data that includes YOUR data, it goes right back up and you have to keep trying to take it down over and over forever.

    Canada & Europe have much better privacy policies, but most of the United States is a free for all for the profit of companies or anyone who creates an app & is willing to sell its users private information. It endangers anyone even if they don’t realize how. You don’t have to have done anything wrong, despite what some people seem to think.