MILLIONS of Android and iPhone users have been warned that Russian search engine Yandax may be harvesting their data.
Many people are concerned about the sharing of this data with the Russian government, as tensions between Russia and the United States increase.
Russia’s invasion of Ukraine prompted the United States and other Western countries to apply untouched invisible sanctions against the country.
Companies have also suspended or halted operations in Russia to protest the invasion.
In this context, one of the Russian Internet research companies, Yandax, has the ability to collect data from users around the world, according to BGR.com
Many fear that the company could use this data to track people or pass it on to the Russian government and its spy agencies, he adds.
Users who do not directly use Yandax’s services are also at risk.
By simply downloading one of the thousands of apps that use Yandax’s SDK, data can be collected without your knowledge.
The acronym SDK stands for Software Development Kit, according to IBM.com
Researcher Zach Edwards uncovered data collection practices. Edwards analyzed Yandax’s code while participating in an application audit campaign.
His findings were then verified by four independent experts who conducted tests to The Financial Times.
The company confirmed that it collects devices, networks and IP addresses of smartphone users and stores the data on servers in Russia and Finland, according to the report.
They also admitted that it was possible to track someone based on this data, but also said the company couldn’t do something like that.
Of the millions of apps available to users, around 52,000 of them contain Yandax’s SDK.
This SDK may also be free for those who decide to build their own apps, but in return developers want user data, according to the website.
Applications for games, messaging, location tools and VPNs may contain this SDK.
Even apps designed specifically for Ukrainians have it.
Many are concerned about the increased risk to the safety of these individuals in particular.
The company said its SDK works similar to Google’s Firebase, where user data is collected only after user consent, according to the website.
However, their SDK doesn’t have to ask user’s permission to track location, that’s up to a developer, who doesn’t have to include this feature if there’s no law requiring it.
To see if your phone’s apps have these features, check with the developer if their app uses the AppMetrica SDK.
It is also advised not to install any suspicious apps on your phone even if they come from a trusted source.
We pay for your stories!
Do you have a story for The US Sun team?