Most Russian services, and not just Max messenger, as previously thought, monitor the presence of VPN on users’ phones. Experts came to this conclusion After I studied 30 popular apps for Android. These include banking, payment services, marketplaces, delivery services, taxi hailing, navigation, social networking and video hosting. Many of these applications work like full-fledged spyware: they collect data about other installed programs, record every touch on the screen, and try to hide their actions. Medusa recounts the key points from the new study and offers some tips on how to protect yourself from surveillance.
As part of a new study, RKS Global experts selected 30 popular Russian applications for Android from the Google Play and RuStore digital stores. These included, among others, the services of Yandex, VK, Sber, the Ozon and Wildberry markets, as well as applications for MTS and Megafon.
The heads of almost all of these companies participated in a recent meeting with the head of the Ministry of Digital Development, Maksut Shadayev, on the matter I mentioned Sources of red blood cells. In this, the head of the department said that companies should limit access to their platforms for people who use VPNs. If companies do not do so, they may be denied IT benefits (for example, relieving employees from packing reservations). They are also excluded from the “whitelist” – the registry of Internet resources, which remains accessible during the mobile shutdown in Russia.
How to identify people who have VPNs installed is explained in the Department for Digital Development’s guide and text published Telegram channel “IT Workers Union”. According to RBC’s interlocutors, the new requirements should enter into force on April 15, although one source noted that this is only an approximate date. However, research conducted by RKS Global shows that most companies are already prepared to spy on users.
22 out of 30 Russian apps search for VPN on your phone. Yandex Browser also wants to know if Tor is installed on the device
To evaluate applications, use experts. The research was conducted using 68 control points in 12 categories – not just VPN and proxy tracking. For example, RKS Global tested whether the software analyzes other apps installed on the phone, reads device metadata, tracks user behavior patterns, and attempts to hide data related to all of these actions.
Complete information about all applications can be found in the summary table. After the analysis, the researchers classified the services based on the number of tests they perform. The maximum score that an application can receive is 68 points (based on the number of control points).
The leaders of this rating were the T-bank and Megamarket Marketplace applications owned by Sber. Both scored 65 points – roughly, these are apps that actively monitor users.
Next come the social networks VKontakte and Odnoklassniki, as well as the Sberbank Online application (all with 64 points). All these services, among other things, in one way or another try to find a VPN on the phone.
Only out of 30, at the time of analysis, they did not track whether jailbreak tools were installed on the user’s device. The remainder used at least one identification method, or even several methods, for these purposes. The two leaders are Yandex Browser and Yandex Maps, which use four tools simultaneously to search for a VPN. Moreover, the first app turned out to be the only app that also searches, among other things, for the Tor browser.
Messenger Max (like 16 other apps) directly asks the operating system if traffic is going through the VPN. However, this is not news. For the first time about the presence of a spyware module in the application became known A month ago. Another interesting thing is that the messenger uses it to hide the VPN detection function from researchers.
Russian apps want to know everything about users. But they try hard to hide it
Some services collect information about users that is far from clear. For example, 11 applications (including the same T-Bank, Alfa-Bank, Sberbank Online as well as 2GIS and even Rutube) collect behavioral biometrics. That is, they analyze every touch on the smartphone screen, taking into account exactly where you usually press, the force of pressure and the time. According to the researchers, this allows the user to be identified by the way the device is used.
Avito scans your smartphone for more than 200 other programs. Among them there are direct competitors (for example, the advertising service for the sale of cars “Drom Auto”), and simply applications from banks, marketplaces and social networks. Why Avito needs this information is not clear.
Ozone and Samocat check whether the phone has software to control the device remotely. The latter, among other things, checks installed VPN applications, even if none of them are used. Mega Market does the same thing.
Finally, four applications (again, T-bank, Yandex Browser, Yandex Maps and Yandex Music) search the phone for signs of using Frida, a tool for reverse engineering, that is, software analysis. The researchers concluded that developers are reluctant to reveal the full capabilities of their applications and prevent users from learning about built-in monitoring tools. “Yandex Maps, the navigator, is protected as if it were military software.”“, confirms RKS Global.
You can escape complete surveillance. But it is still very difficult to hide the presence of a VPN
There are different ways to protect yourself from complete surveillance or at least reduce the risks. The simplest is to get a second phone exclusively for Russian applications. On the first device, you can continue to use your usual services that require a VPN.
The recommendation is also suitable for users outside Russia who need to use Russian services for one reason or another. At the very least, this will prevent unnecessary user data from reaching Russian servers.
If you only have one phone, this might help. shelter It is a free application that allows you to create an isolated space on your Android phone. This way, Russian programs will not be able to know what other services the person is using.
Unfortunately, getting rid of monitoring directly by bypassing the locks is much more difficult. Shelter will not help here – it does not hide the signs of VPN use at the operating system level.
For these purposes, traffic tunneling technology, available in some VPN clients, is more suitable. That is, Russian applications will bypass the VPN, and all other applications will work with them. However, experts point out that this also does not guarantee safety. Apps that scan the tun0 virtual network interface (created when you connect to a VPN) will still see unblockers.
You can avoid this threat completely if you install a VPN tunnel on your home router. In this case, the phone will simply connect to the Wi-Fi network, and you will not see Russian VPN applications directly on the phone. Unfortunately, this solution is also not optimal and will not be suitable if a person needs to use mobile Internet.
It should be noted that the RKS Global study pertains to Android only. How the same apps behave on iOS and what information they collect is unknown. In addition, it is still unclear how exactly the filters of Russian companies will work, how carefully the use of block bypass means will be monitored, and most importantly, how exactly they will distinguish regular foreign traffic from VPNs. Some telecom operators generally I’m not sureThat this is possible.
Meduza can be read even during lockdowns. Our site will open without VPN and dance with tambourines using this magic connection (Save it!) or using a browser plugin (How to install it). But the most reliable way is to read Meduza in the app: download Him and we will be in touch no matter what happens.