Russian Tech Giant Yandex's Data Harvesting Raises Security Concerns
Published on March 30, 2022 at 12:14AM
Russia's biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. From a report: The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same "metadata" may then be accessed by the Kremlin and used to track people through their mobiles. Researcher Zach Edwards first made the discovery regarding Yandex's code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work. Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."
Published on March 30, 2022 at 12:14AM
Russia's biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. From a report: The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same "metadata" may then be accessed by the Kremlin and used to track people through their mobiles. Researcher Zach Edwards first made the discovery regarding Yandex's code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work. Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."
Read more of this story at Slashdot.
Comments
Post a Comment