📱 2022-03-29 15:04:00 – Paris/France.
A report today states that "Russian Google" Yandex sends data collected from millions of iOS app users in Russia, whether or not you use the company's apps. Laws could require the company to make the data available to the Russian government.
Your data may be extracted from a wide range of third-party applications that use a developer tool created by Yandex. Developers save time and money by using Yandex's AppMetrica API to get analytics data for their app, while the business gets user data back…
le Financial Times says a security researcher discovered the code that sends data to Russia and independently verified the claims.
Russia's largest Internet company has embedded code in apps found on mobile devices that allows information about millions of users to be sent to servers in its home country […]
Researcher Zach Edwards discovered Yandex's code as part of an application audit campaign for Me2B Alliance, a non-profit organization. Four independent experts conducted tests for the Financial Times to verify his work.
Yandex admits it collects the data and sends it to servers in Russia, but says it is "extremely difficult to identify users" from the information gathered. However, experts disagree.
Cher Scarlett, formerly a senior software engineer in global security at Apple, said that once user information is collected from Russian servers, Yandex may be required to submit it to the government under local laws. Other experts said metadata of the type collected by Yandex could be used to identify users.
The security and privacy implications could be enormous.
Some of the apps AppMetrica is installed on include games, messaging apps, location sharing tools, and hundreds of virtual private network tools designed to allow users to browse the web without being tracked. Seven of the VPNs are designed specifically for Ukrainian audiences. The total number of app installs that include the AppMetrica SDK is in the hundreds of millions, according to Appfigures, an app intelligence group.
We already know from attempts to circumvent Apple's privacy requirements for app tracking transparency that a vast array of innocuous-sounding data can be combined into digital signatures that can be tied to individual devices. The same approach used by websites can be used by application APIs.
Photo: ThisisEngineering RAEng/Unsplash
FTC: We use revenue-generating automatic affiliate links. Suite.
Check out 9to5Mac on YouTube for more Apple news:
SOURCE: Reviews News
Do not hesitate to share our article on social networks to give us a solid boost. 🤓