AppleInsider is supported by its audience and can earn commissions as an Amazon Associate and Affiliate on qualifying purchases. These affiliate partnerships do not affect our editorial content.
Russian search engine company and advertising agency Yandex may be collecting data from millions of iOS users and sending it to Russia, a new report claims.
Yandex – allegedly the Russian version of Google – maintains a search engine, advertising tools and other services. The services include the AppMetrica API, which many developers use as an easy way to get analytic data for their app.
According to a new report from The Financial Times, security researcher Zach Edwards has discovered that Yandex analytics code is embedded in 52,000 apps on Apple and Google software. From there, it has reportedly reached “hundreds of millions of consumers”.
Yandex acknowledged that data collected through its API and other services is sent to Russian servers. It noted that it had a “very strict” process for dealing with government requests for data, including issuing requests that do not meet “relevant procedural and legal requirements.”
However, security experts warn that once data is stored in Russia, Yandex can do little to stop the Russian government from obtaining it.
In addition, some of the data that the Yandex API collects contains metadata that can be used to identify users.
“For those with a high-threat profile or working in high-profile jobs, using apps that send this data to Moscow is dangerous and could lead to attacks on home networks or other forms of digital surveillance,” said Edwards, the security researcher. who discovered the code’s prevalence.
The apps that use the AppMetrica API include games, messaging, location sharing tools, and “hundreds” of virtual private network (VPN) apps. Seven of the VPNs that researchers identify explicitly target a Ukrainian audience. The total number of downloads of apps with the API runs into hundreds of millions.
Yandex defended its tool, comparing it to similar development kits from Google and others. It also noted that it “never provided any information about users of apps with AppMetrica installed, nor were we ever asked.”
Apple, for its part, says that the AppMetrica API can be stopped with its own App Tracking Transparency technology.