What big tech companies do with the vast dump of user data has been highly in question over the last few years. Now, Russia’s largest internet company, Yandex has been exposed for harvesting and storing user data from millions of users.


Table of Content

Yandex, or the “Russian Google,” has developed a massive software development kit called “AppMetrica”. Developers use AppMetrica as a development kit for thousands of apps on both Android and iOS devices.

And Financial Times is now reporting that Yandex has been harvesting the data from the millions of users that use apps with AppMetrica and storing that data in servers in Russia.

Apps that use the AppMetrica SDK include games, messaging apps, and hundreds of VPNs. This revelation is obviously raising concerns of privacy advocates everywhere.

Zack Edwards, a researcher for Me2B Alliance who initially discovered that Yandex was doing this, had this to say:

“The AppMetrica SDK claims to provide appropriate services, all while phoning home to Moscow with deeply invasive metadata details that can be used to track people across websites and apps.”

And Senator Ron Wyden criticized Apple and Google for not doing enough to stop Yandex from doing this.

“Every day that apps built off the Russian Yandex SDK remain in those stores is further proof that the consumer safety they [Apple and Google] claim to offer is an illusion,” he says.

Yandex says it’s not doing anything shady

Despite this, Yandex told Financial Times that it “operates in the same way as international peers.” The company added, “We inform developers regarding the functioning of AppMetrica, and they are obliged if required by law, to get consent from their users.”

The company confirms that it collects and stores user data in both Finland and Russia. However, it says that it is extremely difficult to use the data it collects to identify any individuals. That identification is something that the company says that even it cannot do.

But the company’s internal capabilities are not the primary concern in this situation. Because Yandex stores its data locally on servers in Russia, local law could make the stored data subject to search and seizure by the Russian government.

Though Yandex says it has never shared or been asked to share any data it collects, the potential still exists. And with the recent Russian invasion of Ukraine, the scrutiny of a Russian-based big tech business like this one is at an all-time high.

Some apps have started removing the AppMetrica SDK from their apps. And Google told Financial Times that it would conduct an investigation based on recent findings.

Hopefully, this is something that big tech will actually take seriously. An additional 2,000 apps have added AppMetrica since the invasion of Ukraine. That means that Yandex’s potential to cause harm with its massive data dumps continues to rise.

Post a Comment

Previous Post Next Post