The Russian messaging app MAX has been designated as a spyware application
The provider Cloudflare has flagged the max.ru domain as a spyware site, raising new security concerns about the "national messenger." Experts had previously also warned of possible collection of user data and its transfer to Russian authorities.
This is reported by Russian Telegram channels.
Cloudflare, the largest hosting provider, has flagged the domain of the “national messenger” MAX as spyware. The corresponding status has already appeared on max.ru. It is unknown exactly when this flag was added.
At the same time, the domain still has a TLS certificate, which confirms the project’s authenticity and ensures a secure connection via HTTPS.
Previously, Cloudflare had already flagged an unofficial Telegram messenger client called Telega as spyware. Following this, the TLS certificate was revoked, and the app was removed from the App Store. The developers later explained the situation as a classification error.
Experts have repeatedly called MAX potentially spyware. In particular, Mikhail Klimarev, head of the “Internet Protection Society,” noted that the privacy policy provides for the transfer of data upon requests from the FSB, the Ministry of Internal Affairs, the Federal Tax Service, and the Bank of Russia.
Researchers on GitHub, after analyzing the app’s APK file, found that it tracks processes on the device, collects geolocation data, lists installed apps, and can even record audio, video, and typed text.
Earlier, the Kremlin temporarily refused to block Telegram due to the failure with “Mak.”
The Russian State Duma immediately passed amendments to the Housing Code in the second and third readings, requiring apartment buildings to maintain chat groups on the national messenger Makh.
Putin’s Makh messenger turned out to be 60 times less popular than Telegram.
