Russia’s State-Mandated Max Messenger Reportedly Hides Powerful Tracking Tools

A recent reverse-engineering study published on the Russian technology platform Habr has made significant revelations about the state-mandated messenger Max. The application, developed by VK and backed by the Kremlin, is preinstalled on all new smartphones sold in Russia as of September 1, 2025. It keeps working even during internet blackouts because it is on the “white list” of the country’s deep packet inspection system. Following the ban of WhatsApp in February 2026, officials have actively encouraged citizens to adopt Max, positioning it as a “sovereign” alternative to Western messaging platforms.

A messenger built into every new Russian phone

The study, conducted by a programmer under the pseudonym “zarazaex,” meticulously cataloged over a dozen covert surveillance features embedded within Max. Among the most alarming findings are:

  • VPN Detection: The application can block access to chats and internal mini-apps until users disable their VPNs, with the capability to toggle this feature remotely on selected accounts.
  • Contact Monitoring: Max conducts real-time surveillance of users’ contact lists, including hashed phone numbers of individuals who have never installed the app, with data collection intervals set by the server.
  • NFC Control: Any mini-application within Max can manipulate the phone’s NFC chip, allowing it to mimic access passes or loyalty cards without user awareness.
  • Message Deletion: The application can silently erase messages from a user’s device through hidden push notifications, leaving no trace in the conversation history.
  • IP Address Tracking: A covert module can capture users’ real public IP addresses, even when a VPN is active.
  • Hardware Identifier: A unique identifier from the phone’s secure processor zone persists through factory resets and app reinstalls.
  • Fake Chats and Reviews: The server can create “fake chats” and manipulate Google Play reviews, redirecting ratings back to Max’s servers.
  • Code Injection: Servers can inject code into open mini-applications, bypassing Android’s screen-capture protection to allow third parties to capture private chats.

What the researcher uncovered

Among the most concerning discoveries is an on-device machine-learning system capable of detecting keywords from continuous audio input. While the specific words are not transmitted, the occurrence of a match is logged back to the server, providing Moscow’s operators with insights into user conversations. Additionally, the study revealed that Max can silently record raw microphone audio during calls, capturing both the user’s voice and that of the other participant, with the recordings uploaded to an analytics service without any user notification.

Listening through the microphone

Max’s functionality extends to continuous monitoring of users’ access to foreign services, such as Google and Telegram. This data, along with the user’s external IP address and VPN status, is compiled into a report and sent to the company’s analytics channel. While Max’s press service has framed these checks as necessary for ensuring call functionality, the inclusion of sensitive user information raises significant privacy concerns.

Probing the open internet

These findings coincide with a broader initiative by Moscow to consolidate Russian internet traffic through state-controlled platforms. The integration of Max into daily life is not limited to consumer devices; it has even reached the International Space Station, where it has been used to facilitate communication between cosmonauts and the Roscosmos press office. Critics argue that the promotion of Max is not merely a market-driven endeavor but part of a larger strategy to establish a “sovereign” communications system, raising questions about the future of digital privacy and freedom in Russia.

AppWizard