Category
Anti-Fake

Russia’s State-Mandated Max Messenger Reportedly Hides Powerful Tracking Tools

4 min read
Google logo Prefer U24 Media on Google
Authors
Photo of Roman Kohanets
Roman Kohanets
News Writer
Illustrative photo shows the Russia MAX messenger logo displayed on a smartphone on February 13, 2026. (
Illustrative photo shows the Russia MAX messenger logo displayed on a smartphone on February 13, 2026. (Source: Getty Images)

Russia's state-mandated messenger Max contains an extensive set of hidden surveillance features that allow remote servers to record microphone audio, harvest contact lists, defeat VPNs, and delete messages directly from users' phones.

The findings were published in a reverse-engineering study on the Russian technology platform Habr on May 18.

The author, a programmer working under the handle "zarazaex," decompiled the application's installation file and cataloged its concealed functions.

We bring you stories from the ground. Your support keeps our team in the field.

DONATE NOW

A messenger built into every new Russian phone

Since September 1, 2025, Max has been preinstalled on every new smartphone sold in Russia. Its servers are on the "white list" of the country's deep packet inspection system, ensuring it continues to function even when authorities cut off broader internet access.

The application is developed by VK  and openly backed by the Kremlin. After WhatsApp was blocked in February 2026, officials urged citizens to switch to Max, presenting it as Russia's "sovereign" alternative to Western platforms.

What the researcher uncovered

The study cataloged more than a dozen distinct mechanisms allowing Moscow's operators to reach into a user's device. Among the most significant:

  • VPN detection that blocks access to chats and internal mini-applications until users switch off their protection, with the trigger toggled remotely on selected accounts;

  • Real-time monitoring of the contact book, including hashed phone numbers of people who have never installed Max, with collection intervals dictated by the server;

  • Control of the phone's NFC chip by any mini-application loaded inside Max, allowing it to imitate access passes, loyalty cards, or other credentials at terminals without warning the user;

  • Silent deletion of messages from a phone's local database, triggered by a hidden push notification that leaves no trace in the conversation;

  • A hidden tracking module that quietly contacts external services to capture users' real public IP addresses, even when a VPN is running;

  • A hardware-level identifier pulled from the phone's protected processor zone, which survives factory resets, application reinstallation, and Google account changes;

  • Server-controlled "fake chats" and a counterfeit Google Play review prompt that channels ratings back to Max's own servers rather than the app store;

  • The ability for servers to inject code into open mini-applications and strip Android's screen-capture protection, allowing third parties to photograph private chats.

Listening through the microphone

Among the most far-reaching findings is an on-device machine-learning system trained to detect keywords in continuous audio. Every trigger is logged back to the server as a single confidence score.

The matched word itself is not transmitted, but the fact of a match on each user remains visible to Moscow's operators.

The research also documented a covert function allowing Max's servers to silently record raw microphone audio during calls.

The audio is captured at multiple stages of the call pipeline, including the unprocessed microphone signal and the other participant's voice. The files are then uploaded to an analytics service without any on-screen indicator.

Probing the open internet

Max also continuously checks whether users can reach foreign services such as Google, Telegram, WhatsApp, and Amazon Web Services . The results, along with the user's external IP address, mobile operator, and VPN status, are bundled into a single report and uploaded to the company's analytics channel.

Max's press service previously described the host-reachability checks as a measure to "ensure calls work," the researcher noted, without explaining why the same packet also transmits a user's IP address and VPN state to a central analytical pipeline.

The findings land as Moscow accelerates a broader push to channel Russian internet traffic through state-controlled platforms. The expansion of Max into Russian daily life now extends beyond consumer phones—and even beyond the planet.

Russia's state-backed messenger has been used to send more than 1,000 messages between the International Space Station and Earth as of April 7.

The claim was attributed to Dmitry Bakanov, head of Russia's space corporation Roscosmos , who made the remarks during a state-organized event in Moscow marking the anniversary of Yuri Gagarin's first spaceflight.

"The MAX messenger is already working in space," Bakanov declared. According to the report, cosmonaut Sergey Kud-Sverchkov, currently aboard the station, is using the domestic service to communicate with the Roscosmos press office.

Critics quoted by Reuters have described Russia's promotion of Max as effectively coercive, warning that the application is being advanced as part of a broader "sovereign" communications system rather than through normal market competition.

Discuss this article:

PERPLEXITY CHATGPT CLAUDE GEMINI
See all

VK is Russia’s largest social network and tech company, often compared to Facebook.

Amazon Web Services is Amazon’s cloud computing platform, providing servers, storage, databases, and other online infrastructure.

Roscosmos is Russia’s state space corporation, overseeing rockets, satellites, cosmonaut missions, and space infrastructure.

Be part of our reporting

When you support UNITED24 Media, you join our readers in keeping accurate war journalism alive. The stories we publish are possible because of you.

Join MonthlyGive One Time