Last week, Russia unveiled a mandate requiring all new phones and tablets sold within its territory to come pre-installed with a messaging application named Max. Developed by the Russian social media giant VK, the app has quickly become a focal point of privacy controversies.
According to cybersecurity experts who performed a detailed analysis of the app using advanced phone forensic tools like Corellium, Max represents a considerable threat to personal privacy. An anonymous researcher expressed profound concerns over the continuous and expansive data logging performed by the app. The researcher highlighted, "Max is not secure at all. There is no cryptography, unless it’s hidden very well, but I doubt that. It is insecure by design to serve its purpose: people surveillance."
Patrick Wardle, an expert with extensive experience in cybersecurity and CEO of DoubleYou, verified these findings. He confirmed that Max's code indeed harbors capabilities for high-accuracy background location tracking, suggesting its potential for subverting user privacy. "Real-time location and access to communications of its citizens—what more could an authoritarian government want?" Wardle remarked, tapping into the broader implications of the app's usage within an authoritarian context.
Features and Accessibility
Launched this March, Max targets Russian and Belarussian users, functioning similarly to globally recognized apps like Telegram and WhatsApp. However, distinct features such as the AI chatbot GigaChat 2.0, travel bookings, and banking transfers set it apart.
Security analysts noted Max's requirement for permissions including camera and microphone access. It seems to borrow heavily from TamTam, VK’s older messaging platform, raising questions about its foundational security.
Industry Impact
Despite VK's ties with state-run entities like Gazprom and Rostec, and its leadership under CEO Vladimir Kiriyenko, son of a notable figure in the Russian government, the company remains silent on the mounting criticisms. At its financial report earlier this month, VK boasted revenue figures totaling 72.6 billion Russian rubles, illustrating its substantial market influence.
Beginning September 1, not only is Max set to be a requirement on all devices sold in Russia, but RuStore, a domestic app store, will secure its place on all Apple devices. Prior installations on Android have already taken place. Furthermore, Lime HD TV, an app dedicated to streaming state-monitored channels, will become mandatory for smart televisions starting January 1 next year.
This pathway forwards Russia in its strategy to assert control over digital communications. However, it raises critical questions about privacy and security in a landscape increasingly wary of digital surveillance. Despite the sophisticated features mimicking those of leading tech applications, Max and its related technologies might pose a significant risk to individual user data.
As international scrutiny intensifies, consumers and industry stakeholders alike remain alert to developments surrounding VK’s Max and software drivermax in Russia’s tech-driven future.
