Data-harvesting code in mobile apps sends user data to “Russia’s Google” – Ars Technica

Financial Times – Mar 29, 2022 2:18 pm UTC
Russia’s biggest Internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country.
The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple’s iOS and Google’s Android, systems that run the vast majority of the world’s smartphones.
Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same “metadata” may then be accessed by the Kremlin and used to track people through their mobiles.
Researcher Zach Edwards first made the discovery regarding Yandex’s code as part of an app auditing campaign for Me2B Alliance, a nonprofit. Four independent experts ran tests for the Financial Times to verify his work.
Yandex has acknowledged its software collects “device, network and IP address” information that is stored “both in Finland and in Russia,” but it called this data “non-personalised and very limited.” It added: “Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this.”
The revelations come at a critical time for Yandex, often referred to as “Russia’s Google,” which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin’s desire for greater control of the Internet.
The company said it followed “a very strict” internal process when dealing with governments: “Any requests that fail to comply with all relevant procedural and legal requirements are turned down.”
But Cher Scarlett, formerly a principal software engineer in global security at Apple, said once user information was collected on Russian servers, Yandex could be obliged to submit it to the government under local laws. Other experts said that the metadata of the sort collected by Yandex could be used to identify users.
Ron Wyden, chair of the US Senate’s finance committee and one of the architects of US Internet regulation, heavily criticized Google and Apple for not doing enough to secure smartphones from the Yandex software, which has found its way onto 52,000 apps reaching hundreds of millions of consumers.
“These apps leech private, sensitive data from apps on your phone, threatening US national security and the privacy of Americans and other individuals around the world,” he said.
Yandex is considered a global tech giant and is listed on the New York Stock Exchange and majority-owned by American funds. It is incorporated in Amsterdam and founder Arkady Volozh lives in Israel. In 2019, the company reached an agreement with the Russian government, codifying a structure that ensures that Moscow can intervene on some issues such as foreign acquisitions without control of day-to-day operations.
