MobileNews

Yandex is sending data harvested from millions of iOS users to Russia

A report today says that ‘Russian Google’ Yandex is sending data harvested from millions of iOS app users to Russia – whether or not you use the company’s apps. Laws there could compel the company to make the data available to the Russian government.

Your data can be grabbed from a wide range of third-party apps which use a developer tool created by Yandex. Developers save time and money by using the Yandex API AppMetrica to obtain analytics data for their app, while the company gets user data in return …

The Financial Times says that a security researcher discovered the code which sends data to Russia, and that it has independently verified the claims.

Russia’s biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country […]

Researcher Zach Edwards first made the discovery regarding Yandex’s code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work.

Yandex admits that it collects the data and sends it to servers in Russia, but claims that it is ‘extremely hard to identify users’ from the information collated. However, experts disagree.

Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.

The security and privacy implications could be huge.

Among the apps with AppMetrica installed are games, messaging apps, location-sharing tools and hundreds of virtual private networks tools designed to allow people to browse the web without being tracked. Seven of the VPNs are made specifically for a Ukrainian audience. Total installs of apps that include the AppMetrica SDK are in the hundreds of millions, according to Appfigures, an app intelligence group.

We already know from attempts to circumvent Apple’s App Tracking Transparency privacy requirements that a vast range of innocuous-sounding data can be combined into digital signatures which can be tied to individual devices. The same approach used by websites can be used by app APIs.

Photo: ThisisEngineering RAEng/Unsplash


Check out 9to5Mac on YouTube for more Apple news:

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Ben Lovejoy
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!