Back

Apple Removes Russian MAX Messaging App Amid Spyware Allegations

Severity: High (Score: 62.7)

Sources: Ua.News, Inkorr, Dagens, United24Media, ru.themoscowtimes.com

Published: 2026-06-04 · Updated: 2026-06-05

Keywords: russian, state, removed, store, apple, kremlin, kremlin-backed

Summary

Apple has removed the Kremlin-backed MAX messaging app from its App Store, halting new downloads. The app, developed by VK, has been accused of facilitating mass surveillance by Russian security agencies. Users were informed that existing installations would continue to function, but notifications may not appear on Apple devices. The app was previously flagged as spyware by Cloudflare due to security flaws, though the label was later lifted. MAX has been preinstalled on new smartphones in Russia since late 2025, following the blocking of popular messaging apps like WhatsApp. The removal reflects escalating tensions between Apple and Russia's state-aligned tech sector, as Apple had also removed another VK-linked app, Telega, earlier. Users are advised to download the app from alternative sources while the developers seek clarification from Apple. Key Points: • Apple removed the MAX app from its App Store due to spyware allegations. • Existing users can still use the app, but notifications may not function on Apple devices. • The removal indicates rising tensions between Apple and Russia's state-controlled tech sector.

Detailed Analysis

**Impact** The removal affects Russian users of the MAX messaging app, which was preinstalled on all new smartphones sold in Russia since September 2025 and ranked ninth in the Russian App Store at removal. The app serves as a state-backed communication platform following the blocking of WhatsApp and Telegram in Russia, impacting millions of users reliant on it for messaging. Operationally, new Apple device users in Russia cannot download the app, and existing users face disrupted notifications and calls on Apple devices, though message delivery continues. The broader Russian tech sector faces increased friction with Apple due to the removal. **Technical Details** MAX was flagged by Cloudflare as spyware due to multiple system flaws and failed URL security checks, including nine out of ten URL checks triggering the label and four reported security vulnerabilities. Independent analysis identified hidden capabilities such as remote microphone recording, contact list harvesting, VPN detection, and silent message deletion. The app’s infrastructure includes domains flagged for suspicious activity, with Cloudflare’s designation briefly removed then reinstated. No specific CVEs or malware names were provided. The removal corresponds to the delivery and persistence stages of the kill chain, preventing new installations and limiting app functionality on Apple devices. **Recommended Response** Defenders should monitor network traffic for connections to MAX-related domains and watch for indicators of microphone activation or unauthorized data access on devices with the app installed. Apple users in Russia should be advised to avoid downloading the app from unofficial sources due to potential security risks. Security teams should track updates from Apple and VK for resolution status and any patches or mitigations. No specific patches or CVEs were mentioned; therefore, monitoring for suspicious app behavior and domain activity is the priority.

Source articles (5)

  • Apple has removed the Russian messaging app Max from the App Store — Ua.News · 2026-06-04
    The American technology company Apple has removed the Russian messaging app Max from its App Store. The app is now unavailable for download by users of Apple devices. No official reason has been given…
  • Apple Removes Russian State — United24Media · 2026-06-04
    Apple removed the Russian state-backed messenger Max from its App Store, cutting off new downloads of the Kremlin- application, according to The Moscow Times on June 3. VK , the developer of the state…
  • Kremlin-backed MAX app removed from App Store — Dagens · 2026-06-04
    Ever since intensifying its blocking of messaging apps such as Telegram and WhatsApp, the Kremlin has tried to push the Russian public to start using the state- MAX app for communication instead. The…
  • Apple Udalil Max Iz Svoego Magazina Prilozhenii A197225 — ru.themoscowtimes.com · 2026-06-04
    Apple вслед за клоном Telegram под названием Telega удалил из своего магазина приложений госмессенджер Max. Об этом VK, разработчик подконтрольного властям сервиса, сообщил в среду вечером. «МАХ подтв…
  • Max Messenger removed from App Store over spyware allegations — Inkorr · 2026-06-05
    According to НВ — Техно : On June 4, 2025, the team behind the Max messaging app announced its removal from the App Store, meaning Apple device users will no longer receive push notifications. Despite…

Timeline

  • 2025-01-05 — MAX app preinstalled on new smartphones: Russian authorities mandated that the MAX app be preinstalled on all new smartphones sold in Russia.
  • 2026-02-01 — WhatsApp blocked in Russia: Russian authorities blocked WhatsApp, pushing users towards state-approved messaging platforms like MAX.
  • 2026-04-30 — MAX flagged as spyware by Cloudflare: Cloudflare labeled the MAX app's domains as spyware due to multiple security flaws.
  • 2026-06-03 — Apple removes MAX from App Store: Apple confirmed the removal of the MAX app, cutting off new downloads amid ongoing spyware concerns.
  • 2026-06-04 — VK confirms MAX's removal: VK, the app's developer, acknowledged the removal and stated they are seeking clarification from Apple.

Related entities

  • Malware (Attack Type)
  • Japan (Country)
  • Russia (Country)
  • South Korea (Country)
  • Ukraine (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • api.telega.info (Domain)
  • telega.me (Domain)
  • Technology (Industry)
  • T1056 - Input Capture (Mitre Attack)
  • App Store (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed