Conversation

Zach Edwards 🔗infosec.exchange/@thezedwards
@thezedwards
I'll have more tomorrow, but new research just dropped that I helped w/ as part of ongoing @me2balliance app audits - there are countless mobile data supply chains compromised w/ Russian software from Yandex creating untenable risks for people⛈️⚖️ ft.com/content/c02083
Russian tech giant’s data harvesting raises security concerns
2
17
Zach Edwards 🔗infosec.exchange/@thezedwards
@thezedwards
Replying to
@thezedwards
Hundreds of VPNs have this SDK, including several which are openly targeted to people in Ukraine, and 21 VPNs with the Yandex Appmetrica SDK were added into app stores in just the last 30 days. The Opera browser had the Appmetrica SDK until 9 days before the Russian invasion...
Come On Please GIF
GIF
1
5
Zach Edwards 🔗infosec.exchange/@thezedwards
@thezedwards
Both Apple & Google need to do much more *immediately* to help consumers avoid these deeply dangerous mobile apps w/ the Yandex Appmetrica SDK installed within them... *especially* alerts on the VPN apps with this SDK & *especially especially* for those targeted to Ukrainians⛈️⚖️
Conversely, more than 2,000 apps have added the AppMetrica SDK since the invasion of Ukraine, including several that appear designed to track Ukrainian users. “Call Ukraine,” for instance, is a “free messenger for Ukrainians” that launched in the Play Store on March 10 using the blue and yellow flag as its icon. Once downloaded, the app can see a user’s ....
8