Russia's MAX app may know - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  Russia's MAX app may know
De:       Mike Powell
Data:     Fri, 13 Mar 2026 10:07:43 -0500
-----------------------------------------------------------
Russia's state-backed MAX app may know if you are using a VPN to bypass
censorship  here is everything we know

Date:
Thu, 12 Mar 2026 15:05:17 +0000

Description:
Russia's digital rights group, RKS Global, urges removing the MAX app from 
any device where a VPN is used, warning that other VK-developed apps are
likely to include such functionality.

FULL STORY
Security researchers found Russia's MAX app can monitor VPN users
MAX rejects allegations, saying data is used to ensure high-quality service
Experts urge removing the app from any device where a VPN is used

A user on Russian security forum Habr has claimed that Russia's state-backed
messaging service, MAX, can monitor VPN users, claiming it turns "the national
messenger into a state spyware tool."

The user published details that they say show the app "contains a spy 
module." After being contacted by TechRadar, technical experts at RKS Global
a digital rights organization focused on Russia  said they were able to 
"fully confirm" the findings following an independent analysis of the app's
latest version. RKS Global told TechRadar: "MAX can determine that the user 
is using a VPN, identify the IP address of the VPN server, see the users ISP,
and detect which restrictions or blocks the user is bypassing."

The app is developed by VK  the Russian provider behind Mail.ru email and
VKontakte social media services  and is integrated with government services.
It was first launched in March 2025 and, since September, must be
pre-installed on every new smartphone and tablet sold in Russia. 

The press team at MAX was quick to reject tracking allegations , claiming the
"technical solutions used are aimed at ensuring high-quality service 
operation  primarily calls and notifications." The company added that "they
have no bearing on personal data or the use of other services, including 
VPN." 

Russian VPN provider, Paper VPN , offered a more cautious perspective. In a
post on X , the team points out that while MAX indeed connects to foreign
servers, there are "no indications that this data is being collected
specifically for analytics on bypassing blocks." 

TechRadar has approached MAX for comment.

How MAX reportedly tracks VPN users and the potential risks -- According to
the technical analysis confirmed by RKS Global, every time a user opens the MAX
app, a hidden module named HOST_REACHABILITY collects and sends details about
their network environment to VK servers in Russia. 

Under Russian law, VK must store and share this information with law
enforcement upon request. 

The transmitted data reportedly includes whether the user is connected to a
VPN, which websites are accessible or blocked on their network, their real IP
address, and their ISP. Crucially, users cannot disable this monitoring.

The analysis also found evidence that the module can be controlled remotely.
This, RKS Global explains, indicates that targeted activation is possible.
Additionally, the app's traffic appears to be deliberately obscured to make
these checks more difficult to detect. 

RKS Global warned that this level of tracking could lead to the
de-anonymization of VPN connections  a particularly severe risk for users in
Russia. 

While VPNs themselves aren't strictly illegal in Russia, their usage is being
increasingly criminalized. In July 2025, the Russian Parliament approved a 
law to punish online searches for so-called 'extremist' content and
established the use of a VPN to access banned materials as an aggravating
legal factor. 

Paper VPN, however, noted that the Kremlin already has the ability to monitor
VPN usage through other services. Still, the provider echoed concerns about
the broader privacy risks of using the app, stating simply that "MAX is not a
secure and confidential messenger." 

These latest findings follow a separate technical study from last August ,
which concluded that MAX possesses "enormous surveillance potential. How to
stay safe Security researchers at RKS Global are urging anyone using MAX on a
device with an active VPN connection to remove the application entirely. 

If deleting the app is out of the question, they suggest configuring a VPN at
the router level rather than directly on the device. If that is not an 
option, users should consistently disable their VPN before opening MAX. 

There are also some workarounds suitable for more advanced users, including
blocking the app's network traffic via a custom DNS or firewall. On Android,
users have the option to install MAX within a separate, isolated workspace to
restrict its access to the device's broader network state. 

RKS Global says that ultimately, removing the software is "the only reliable
mitigation" and warned that other VK-developed apps may include similar
tracking functionality.

Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/russias-state-backed-max-ap
p-may-know-if-you-are-using-a-vpn-to-bypass-censorship-here-is-everything-we-k
now

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/107)

-----------------------------------------------------------
[Voltar]