NewApp Digest
search bot

surveillance

Security researchers find 213 vulnerabilities in Russia’s state-backed messaging app Max
AppWizard
April 11, 2026

Security researchers find 213 vulnerabilities in Russia’s state-backed messaging app Max

Security researchers discovered 213 vulnerabilities in Max, Russia's state-backed messaging app, during a bug bounty initiative. This information was shared by Alexei Batyuk, CTO of Positive Technologies, at the Svyaz-2026 exhibition. The bug bounty program has been active since July 1, 2025, resulting in 288 accepted vulnerability reports and total payouts of nearly 22 million rubles. Common vulnerabilities could allow unauthorized access to user data through the manipulation of object identifiers. Max's press service claimed that user data is "reliably protected" and emphasized the importance of independent white-hat hackers in identifying vulnerabilities. Max was launched by VK in March 2025 and is being promoted by Russian authorities amid efforts to block other messaging platforms like Telegram and WhatsApp. The app has faced criticisms regarding user surveillance and security vulnerabilities.
Privacy Messenger Session Is Staring Down a 90-Day Countdown to Obscurity
AppWizard
April 10, 2026

Privacy Messenger Session Is Staring Down a 90-Day Countdown to Obscurity

The messaging app Session, which prioritizes user privacy and offers end-to-end encryption without requiring personal information for registration, is facing potential closure and has issued a call for support. The Session Technology Foundation (STF) has received funding to support operations for 90 days but will rely on volunteers after all paid staff have been let go. Development activities have paused due to insufficient funding, affecting the introduction of new features and the resolution of existing bugs. The STF has stated that it needs million to complete ongoing projects and introduce a subscription model to achieve self-sustainability. As of now, 0,000 has been raised towards this goal. Users can contribute at getsession.org/donate.
Bitchat Review: How Jack Dorsey’s Private Offline Messenger Works
AppWizard
April 9, 2026

Bitchat Review: How Jack Dorsey’s Private Offline Messenger Works

Bitchat employs the Noise Protocol Framework, specifically the XX pattern, for encrypted and authenticated communication. The Android version uses X25519 for key exchange and AES-256-GCM for message encryption. Bitchat operates without a central infrastructure, phone numbers, or traditional accounts, which reduces data collection and risks of censorship and surveillance. The app relies on Bluetooth connectivity, requiring physical proximity between users, which can enhance security but may lead to device identification. Metadata about nearby devices and connection instances may still be retained. Bitchat has not yet undergone a comprehensive external security audit, raising concerns despite its focus on privacy and encryption.
Conspiracy Theories Are Eclipsing the Real Dangers of Russia’s Messaging App Max
AppWizard
April 9, 2026

Conspiracy Theories Are Eclipsing the Real Dangers of Russia’s Messaging App Max

Russia's state-run messaging app, Max, allows authorities to monitor personal messages and calls extensively. Many Russians continue to use WhatsApp and Telegram, which are out of government reach. Following a WhatsApp ban, the government is considering restrictions on Telegram. Intelligence agencies have created bots on Telegram that can lead to legal consequences for users. The Max app offers complete surveillance of messages, photos, and calls without such provocations. Despite efforts to make Max appealing through features like age verification and integration with Gosuslugi, users are reluctant to switch from existing platforms. The government has attempted to position Max as the primary communication tool by potentially eliminating competitors, but Telegram's popularity remains a significant barrier. Recent decisions have eased restrictions on Telegram, and officials now emphasize that using Max is "optional." Some users, including officials, prefer to use Max on separate devices for security. Concerns about Max's geolocation capabilities and its access to other applications are often exaggerated, and the app has faced scrutiny regarding surveillance practices. Developers have reduced checks on VPN usage, but public distrust persists. Many users focus on the risks posed by Max while neglecting other security vulnerabilities. Effective risk mitigation requires a rational assessment of threats and increased digital literacy.
Telegram to adapt to Russian restrictions, making traffic harder to detect and block, says app founder
AppWizard
April 7, 2026

Telegram to adapt to Russian restrictions, making traffic harder to detect and block, says app founder

Telegram's founder, Pavel Durov, announced that the messaging platform will adapt to increasing restrictions from the Russian government to make its traffic harder to detect and block. Approximately 65 million Russians use Telegram daily via VPNs, with over 50 million actively sending messages despite government efforts to slow down the service. The Russian government has attempted to ban VPNs, impacting the banking sector, and Durov compared the situation to Iran's previous Telegram ban, noting a similar rise in VPN usage. In February, Russia's communications regulator began slowing down Telegram for non-compliance with requests to remove prohibited content. Durov is under investigation for potential criminal charges related to aiding terrorist activities, which he claims are pretexts to limit access to Telegram. The crackdown on foreign communication tools has intensified, with recent restrictions on WhatsApp, and Kremlin spokesperson Dmitry Peskov has urged citizens to use the state-developed messaging app "Max." Telegram remains crucial for communication, especially for military purposes, amid pressure from Roskomnadzor, the Russian agency monitoring mass media.
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
Winsage
April 6, 2026

ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

A newly discovered Windows malware called ResokerRAT uses Telegram’s Bot API for its command-and-control operations, allowing it to monitor and manipulate infected systems without a conventional server. It obscures its communications by integrating with legitimate Telegram traffic, complicating detection. Upon execution, it creates a mutex to ensure only one instance runs and checks for debuggers to avoid analysis. It attempts to relaunch with elevated privileges and logs failures to its operator. ResokerRAT terminates known monitoring tools and installs a global keyboard hook to obstruct defensive key combinations. It operates through text-based commands sent via Telegram, allowing it to check processes, take screenshots, and modify system settings to evade detection. Persistence is achieved by adding itself to startup and altering UAC settings. The malware retrieves additional payloads from specified URLs and uses URL-encoded data for communication. Researchers have confirmed its Telegram traffic, and its behavior aligns with various MITRE ATT&CK techniques. Security teams are advised to monitor for unusual Telegram traffic and scrutinize registry keys related to startup and UAC.
Kremlin's drive for a state-backed messenger touches a nerve for some
AppWizard
April 5, 2026

Kremlin’s drive for a state-backed messenger touches a nerve for some

The Kremlin is promoting its state-backed messenger service, MAX, but many Russians are skeptical about it due to privacy and functionality concerns. The initiative occurs alongside extensive internet censorship and the blocking of popular messaging platforms like Telegram. While some users have adapted to MAX, the majority remain cautious. Officials justify MAX as essential for national security, arguing that foreign apps pose risks. The parent company, VK, claims 107 million users, expanding its reach beyond Russia. Opposition activists warn of potential state surveillance and user data access. Many users feel compelled to download MAX due to state requirements but prefer other options like Telegram. There is a strong sentiment among the public that app usage should be a personal choice, with critics expressing discontent over the government's approach to mandating downloads.
MindsEye is a glitchy, incoherent mess I wouldn't recommend to anyone—and it might also be my favorite game of 2026
AppWizard
April 4, 2026

MindsEye is a glitchy, incoherent mess I wouldn’t recommend to anyone—and it might also be my favorite game of 2026

MindsEye is a game developed by Build a Rocket Boy that has improved since its launch last year, though it remains flawed. The gameplay experience is chaotic, allowing players to create havoc in Redrock City without law enforcement. The game features static character interactions and forgettable archetypes, with a narrative that occasionally entertains but ultimately falls flat. The story portrays billionaire tech moguls as heroes with questionable morals, while the government and military are depicted as self-serving. Despite numerous issues, including erratic enemy behavior and performance problems, the reviewer found the absurdity of the game engaging. The narrative includes elements like underground civilizations, love, loss, and alien communication, leading to a chaotic and disjointed finale. The game is described as a flawed product with an unjustified price tag, yet it captivated the reviewer with its unpredictability.
Russians Wary As Kremlin Pushes State-Backed Messaging App MAX
AppWizard
April 3, 2026

Russians Wary As Kremlin Pushes State-Backed Messaging App MAX

Russia's government is promoting MAX, a state-backed messaging service, amidst skepticism and resistance from the public. Authorities are disrupting mobile internet access and jamming popular messaging platforms as part of a crackdown on digital communications. MAX is marketed as a "national messenger" and is owned by a company linked to President Putin's allies. Users express concerns about privacy and state surveillance, with many hesitant to abandon established apps like Telegram and WhatsApp. Officials argue that a domestic messaging service is vital for national security, while opposition activists warn that user data on MAX could still be accessed by security services. Some users feel compelled to adopt MAX for government services, though many prefer to avoid it. Resistance to the platform persists, with analysts cautioning that forced adoption could damage public trust in a country historically resistant to censorship. The decision to use MAX is influenced by personal convenience, necessity, and digital freedom concerns.
Russia's MAX Messenger: State Control or Public Choice?
AppWizard
April 3, 2026

Russia’s MAX Messenger: State Control or Public Choice?

The Kremlin is promoting MAX, a state-sponsored messaging app, as the 'national messenger,' but faces skepticism from the public due to concerns about government surveillance and personal data privacy. Russian officials argue that foreign messaging platforms pose security threats, yet many users prefer established services like Telegram and WhatsApp, despite partial restrictions on them. Privacy and data security concerns persist, creating tension between state regulations and individual freedoms. Users like Irina Matveeva face challenges in balancing government compliance with privacy protection in a monitored digital environment. The rollout of MAX reflects the Kremlin's aim to control digital communication amid ongoing struggles for personal autonomy in Russia's digital landscape.
Search