Russian tech giant gathers data from iOS users worldwide

By

Yandex, aka Russia's Google, may be sending iOS users' data to Russia.
Yandex, aka Russia's Google, may be sending iOS users' data to Russia.
Photo: Yandex

Yandex, sometimes called Russia’s version of Google, gathers data from millions of iOS users and sends it to Russia, according to a new report.

Yandex harvests iOS users’ data and sends it to Russia

Like Google and other similar outfits, Yandex maintains a search engine, advertising tools and other services. Among its wares is the AppMetrica API. Many developers use it as an easy way to get analytics data for their apps.

Security researcher Zach Edwards discovered that Yandex analytics code is embedded in 52,000 apps on Apple and Google software, where it can reach “hundreds of millions of consumers,” according to a new report in The Financial Times. The newspaper enlisted four other experts to corroborate his research.

For its part, Yandex acknowledged that data collected through its API and other services ends up on Russian servers. The company said it has a “very strict” process for responding to government requests for data. The process includes rejecting requests that don’t comply with “relevant procedural and legal requirements.”

But security experts warn that once data is stored in Russia, a company like Yandex can’t do much to keep the Russian government from getting it.

And some of the data the Yandex API collects includes metadata. With metadata in hand, companies or other entities can identify users.

“For people with a high-threat profile or working in high-profile jobs, using apps that send this data to Moscow is dangerous and can potentially lead to attacks on home networks or other forms of digital surveillance,” Edwards said.

Hundreds of millions of downloads

Apps using the AppMetrica API include messaging services, location-sharing tools, games and “hundreds” of virtual private networks (VPNs). Seven of the VPNs researchers identified target Ukrainian audiences. Total downloads of apps with the API reach the hundreds of millions, the report said.

Yandex likened its API to similar development kits that the likes of Google provide. And the company mentioned it has “never given out any information on users of any apps with AppMetrica installed on them, nor have we ever been asked to.”

In response to the situation, Apple said its App Tracking Transparency technology can stop the AppMetrica API.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.