Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology8 min read

Yandex's analytics tool found in 16 of the most downloaded free VPN apps in Russia — here's what it means for your privacy | TechRadar

While the apps are among the 87 most popular free VPNs in Russia, users aren't limited to the country. RKS Global researchers tells TechRadar the potential r...

TechnologyInnovationBest PracticesGuideTutorial
Yandex's analytics tool found in 16 of the most downloaded free VPN apps in Russia — here's what it means for your privacy | TechRadar
Listen to Article
0:00
0:00
0:00

Yandex's analytics tool found in 16 of the most downloaded free VPN apps in Russia — here's what it means for your privacy | Tech Radar

Overview

Yandex's analytics tool found in 16 of the most downloaded free VPN apps in Russia — here's what it means for your privacy

Users have no way to disable tracking in the VPN client settings, said experts

Details

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Photo illustration by Jakub Porzycki/Nur Photo via Getty Images)

Yandex's tracking tool found in 16 of the most popular free VPNs in Russia

Active connections to Russian servers were detected immediately upon app launch

Users have "no way" to disable tracking in the VPN client settings

A new study has identified a potential security risk in nearly one-fifth of the most popular free VPN apps in Russia, with researchers warning of active connections to servers within the country.

Researchers at internet freedom group RKS Global discovered traces of Yandex. Metrica — an analytics tool owned by Russian tech giant Yandex — embedded in 16 of the 87 applications they tested.

By monitoring network traffic, the team confirmed these apps were making active requests to Russian infrastructure, regardless of which VPN server the user had selected.

"Another wave of VPN blocks:" Windscribe records drop in traffic in Russia

Russia’s battle against VPNs is entering a new phase: Here's what to expect in 2026

Your mobile browser counts – and these three are putting your privacy at risk, warns Surfshark

However, because the traffic was encrypted, they could not verify what specific data was being sent. The report clarifies that there is currently "no evidence" that these apps are transferring enough information to lead to the direct persecution of users.

Instead, the research highlights a potential structural risk. As a Russian entity, Yandex is legally required to store metadata for up to three years and provide authorities access upon request. The researchers argue that even if the developers aren't intentionally "spying," the presence of this tracking tool creates a persistent data pipeline into a jurisdiction where digital rights are under heavy fire.

Because the tool is baked into the apps' core code, it pings the Russian servers the moment the software is launched, and users have no way to disable this behavior in the settings.

To investigate whether Russia’s most popular free VPNs are communicating with domestic servers, RKS Global analyzed a list of the 87 most-downloaded services — 69 on Android and 18 on i OS.

Among the affected apps were four i OS services (VPN-VPN Secure, VPN Fast VPN 360 unlimited, VPN - Buck Super, and Super Fly VPN 2026) and 12 Android apps, including Pulya VPN, Planet VPN, Jump Jump VPN, and Turbo VPN.

Notably, Turbo VPN had already been flagged in August 2025 for having SDK-level ties to both Russia and China.

The researchers highlighted several technical limitations to their findings. Because the study focused on end-user device applications, it could not account for data transmission occurring directly from a VPN’s own servers to third parties.

"Another wave of VPN blocks:" Windscribe records drop in traffic in Russia

Your mobile browser counts – and these three are putting your privacy at risk, warns Surfshark

Urban VPN Proxy is the latest free VPN spying on users – here's how to stay safe

Furthermore, the report clarifies that there is currently "no evidence" that these apps are transferring enough information to lead to the direct persecution of users, though the structural risk of using Russian-linked analytics remains high.

Using a VPN that contains traces of Yandex. Metrica should be a significant red flag for privacy-conscious users — and not just because of the company's legal obligations to the Kremlin.

In 2021, Russia's "Smart Voting" website — an opposition-led project designed to coordinate tactical voting against pro-government candidates — was found to be running Yandex. Metrica with Webvisor enabled.

This tool recorded individual user sessions, essentially "filming" what a user did on the page and potentially capturing sensitive information typed into forms. For a site used by activists and opposition voters, this created a direct path for the state to identify participants.

The scandal prompted RKS Global to conclude that "Yandex. Metrica is not the analytics tool you should use if you need to preserve privacy from the Russian state."

The following year, a Financial Times investigation revealed that Yandex had embedded data-harvesting code into the SDKs used by thousands of app developers worldwide. This raised global alarms that "metadata" — often dismissed as harmless —could be used by the Kremlin to track user movements and habits across the web.

For a VPN user, the implication is significant: the very software used to hide your digital footprint may be hosting a component technically capable of mapping it for authorities.

While RKS Global did not find evidence of active session recording in these 16 VPN apps, the presence of the Yandex SDK creates a "structural vulnerability." Given that Yandex is legally required to provide stored data to Russian security services upon request, using these applications presents a persistent privacy risk that users cannot ignore.

Yandex. Metrica should concern VPN users who care about their privacy

Yandex. Metrica should concern VPN users who care about their privacy

Alexey Kozliuk, Chairman of the industry group VPN Guild, told Tech Radar that even a secure VPN tunnel cannot fully protect you if the app itself is leaking data from the inside. While the VPN may encrypt your browsing traffic, analytics SDKs can still harvest unique identifiers directly from your device.

"Yandex’s own App Metrica documentation shows telemetry fields that can include unique device identifiers, IP address at the time of the event, and other device and network attributes. Such a fingerprint makes it easier to connect activity to a particular device over time," Kozliuk told Tech Radar.

While these VPN apps with links to Yandex target a global audience, users within Russia face a much more immediate threat. The Kremlin has been aggressively clamping down on VPN access.

If you are looking for a free VPN that prioritizes transparency and security over data monetization, we recommend avoiding "unlimited" free VPNs that rely on invasive analytics. According to our latest testing, Privado VPN Free and Proton VPN Free are currently the best options.

Follow Tech Radar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for Tech Radar and Tech Radar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

1 Cisco warns of critical SD-WAN security flaw which has been open since 2023

2 Assassin's Creed 3 director discusses the disastrous launch of Skull and Bones, says the 'junior' devs didn't have enough experience and were 'trying to essentially make Black Flag crossed with World of Tanks or World of Warships'

3 Apple’s rumored $699 Mac Book sounds like a 2017 Mac Book Air with an i Phone chip, according to new code leaks

4 Spotify and Liquid Death have revealed the world’s first music-streaming urn — and now you can play your departed grandma the pop bangers she’s missing out on

5'Modern games are pushing GPU architectures harder than ever': Micron reveals faster new video RAM that could power Nvidia RTX 6000 GPUs

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

Key Takeaways

  • Yandex's analytics tool found in 16 of the most downloaded free VPN apps in Russia — here's what it means for your privacy

  • Users have no way to disable tracking in the VPN client settings, said experts

  • When you purchase through links on our site, we may earn an affiliate commission

  • (Image credit: Photo illustration by Jakub Porzycki/Nur Photo via Getty Images)

  • Yandex's tracking tool found in 16 of the most popular free VPNs in Russia

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.

Start saving with Runable todayContact us for any pricing questions