The revelation comes from the Financial Times: Yandex, the Russian Google, would have created software that allows developers to create apps for mobile devices compatible with the iOS and Android operating systems, which are the most used in the world. According to security researcher Zach Edwards, the code of the tech giant is contained in at least 52,000 applications downloadable from the App Store and Play Store, and could be present – but this is only an estimate – in hundreds of millions of phones. around the world.
Data potentially accessible to the Kremlin
The problem is that Yandex, according to what we learn, once the user data has been collected, sends them to servers located in Russia, and therefore potentially accessible to the Kremlin, which could use them to identify and track people who are ‘uncomfortable’ with the regime. The company explained that it is virtually impossible to trace a user’s location based on the metadata collected, and that data, “limited” and “non-personalized”, is not transferred to the government.
Cher Scarlett, a former Apple engineer, intervened on this point, explaining that once all information about users has been collected and sent to Russian servers, Yandex could be required to present it to the government – in the case expressly requested – according to the laws in force in Russia. Other cybersecurity experts said they were confident that the metadata collected by the giant could be used without problems to identify users and thus locate them.