It is nicknamed “the Russian Google”, although it is listed on Wall Street. She is Yandex. It is about him that Zach Edwards gave the alert on Twitter. This California-based researcher who works for an NGO, the Me2B alliance, has identified 52,000 applications on iPhone and Android, which are based, in part, on computer code made available free of charge to publishers, by Yandex. This code is called an SDK. And it has a name: AppMetrica.
The role of this marketing platform is to collect information “deeply invasive”, says Zach Edwards: sufficient data to identify you. And when we talk about 52,000 apps, we’re talking about hundreds of millions of users, according to AppFigures. The problem is that this data is sent to Finland, but also to Russia, where it is stored on private servers. And in Russia, the law allows the government to access these files, which would allow the Kremlin to track some of these users.
What apps are affected? First, there are the games, more than 40% of the total, everyday games, to pass the time in the subway: solitaires, puzzles, sudokus and more Premium games like Cut The Rope Where Helix Jump.
Second category: utilities to scan a document, for example, or make a photomontage. In the list, we also find the Adidas app. And then there are VPNs, these apps that allow you to browse the Internet as if you were in another country. VPNs allow, a priori, to surf incognito, but 21 VPNs have integrated AppMetrica in recent weeks. It is therefore a real concern, especially for Ukrainians who are using them massively at the moment.
Yandex ensures that AppMetrica collects data only with the consent of the user. Agreement that the iPhone requires apps to request for almost a year. But how to be sure? To protect yourself, the ideal would be to avoid these 52,000 apps which represent between 1.5 and 3% of the total number of apps on the Apple and Google stores. A number of publishers have started to clean up themselves, since the invasion of Ukraine, by removing AppMetrica from their applications. This is the case of Gismart, with its 28 games downloaded 1 billion times. Another example: Opera, a popular browser with built-in VPN, has disabled AppMetrica.
On the contrary, more than 2,000 apps have adopted AppMetrica since the invasion of Ukraine, some of which appear to have been designed specifically to track Ukrainian users. This is the case of “Call Ukraine”, a free messaging service launched on March 10 on Android. Once installed, the app has access to the user’s identity and all of their contacts. So beware!