Major Russian Android apps know who's using a VPN, digital rights group warns

News
By published

Researchers found that 30 out of the 30 most popular Android apps can detect VPNs, with numbers likely to rise

Logos of popular Russian apps
(Image credit: RKS Global)
  • Researchers found that 30 out of 30 Russian Android apps can detect VPNs
  • The report identifies include MAX, VK services, and Yandex Browser
  • From April 15, Russian internet services are required to detect VPNs

The 30 most popular Android apps in Russia are now tracking on-device VPN access, with 20 of these services actively blocking or restricting functionality when a connection is detected, according to recent research.

The data, collected by Russian digital rights group RKS Global, follows a separate study indicating that the state-controlled "super-app" MAX can monitor whether users are connected to a VPN.

The shift comes as major Russian service providers were reportedly given an April 15 deadline to begin restricting VPN users.

Before the deadline, the same researchers found only 22 of the tested apps were scanning for VPN connections. By April 16, that number jumped to 100% of the tested apps.

RKS Global told TechRadar that they expect this trend to grow as more developers are forced to comply with Kremlin directives.

Which apps are scanning for VPNs?

The Max logo appears on a smartphone screen with the Russian flag in the background

(Image credit: Photo Illustration by Samuel Boivin/NurPhoto via Getty Images)

According to the RKS Global report, the list of applications capable of detecting VPNs includes the state-controlled "super-app" MAX, various local banking platforms, and major Yandex services such as Yandex Browser, Maps, and Music.

The researchers also identified VK services, including VK Video and Vkontakte, alongside several local marketplaces, as having implemented these scanning capabilities.

The study further claims that Yandex Browser is the only application tested that also searches for an active connection to the Tor Browser.

When contacted by TechRadar, a Yandex spokesperson denied that the browser scans user devices for Tor, saying: "Tor Browser is mentioned in the list of more than 100 browser exclusions, including Chrome, Firefox, Opera, Brave, DuckDuckGo, and others, for a single purpose: when a website prompts the user to open its app, the browser should not redirect the user to another browser; doing so would be pointless."

The company also argued that VPN-detection methods are a "common market practice for location-aware functionality and content targeting" used by many major services in Russia and abroad.

When asked to confirm whether Yandex is using its VPN-detection functionalities to prevent users based in Russia from using its services, the spokesperson said: "We comply with all applicable laws and regulations in the markets where we operate. We do not comment on internal systems or security-related processes."

TechRadar has a reached out to VK and MAX for comment.

An obligation to detect VPNs

The findings appear to be related to the government's push to prevent VPN usage to bypass increased online restrictions.

At the beginning of April, Russia's Minister of Digital Development instructed over 20 Russian online service providers how to detect and block VPN connections.

These measures are part of the Kremlin's plan to "reduce VPN usage" through new blocking obligations for companies, alongside new fines and fees for people caught using a VPN or similar circumvention tools.

Talking to TechRadar, Amnezia VPN's Founder, Mazay Banzaev, compared such scanning obligations to how spyware works. "Popular Russian applications are being encouraged to scan: device network settings, routing and DNS, the presence of VPNs and proxies at the system level, as well as connection behavior," he said.

How to evade detection

A VPN runs on a mobile phone placed on a laptop keyboard

(Image credit: Getty Images)

The guidelines issued by the Ministry of Digital Development actually highlight several limitations in current VPN detection, which residents are now using as a roadmap for workarounds.

RKS Global recommends running a VPN on a router, as this makes detection harder because all traffic is rerouted through an encrypted tunnel before it even reaches the mobile or laptop.

The researchers also suggest having two separate devices — one for Russian apps, and one for foreign apps accessed with a VPN — if possible. If you have only one Android phone, you should consider activating Android Work Profile to prevent apps from different profiles from being linked with each other.

Finally, it's worth remembering that officials' instructions also warn that verifying active VPN connections is more difficult on iPhones as "access to system parameters on iOS is significantly limited."

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.