The latest analysis by RKS Global, first highlighted by The Bell on April 10, shows that a large share of Russia’s most-used Android apps are checking whether a user has a VPN enabled. According to the study, 22 out of 30 surveyed applications perform such a check. This finding raises immediate questions about how mobile software can detect network configurations and what those apps do with that information. The research frames the behaviour not as isolated incidents but as a pattern spanning banks, search and maps services, social networks, marketplaces and messaging tools.
The report breaks down which programs actively look for a virtual private network and which do not, and it documents how many apps forward that status to external endpoints. Notably, researchers found that 18 of the 30 apps send a user’s VPN state to their own servers, while 24 of the 30 transmit a list of installed apps from the device to a remote host. The implications touch on privacy, security, and the tension between corporate monitoring and user anonymity tools used for legitimate reasons, such as bypassing geoblocks or strengthening security on public Wi‑Fi.
Apps that detect VPN and data they collect
The study names many recognisable services that carry out VPN checks. Among financial institutions, apps from T‑Bank, Sberbank, VTB, and Alfa‑Bank were reported to inspect VPN activity. Major internet players such as Yandex and VK also appear on the list: examples include Yandex Browser, Yandex Maps, VKontakte, and Odnoklassniki. Marketplaces and delivery platforms like Wildberries, Ozon, MegaMarket and Samokat are flagged, as are classified‑style services such as Avito and mapping app 2GIS. The state‑linked messaging app Max was also identified among those that perform checks.
Banks and major platforms
Banks’ interest in detecting VPN usage can be framed as a fraud‑prevention measure: institutions often want to spot sudden changes in connection origin or behaviour that could indicate account takeover. Yet when banking apps report a user’s VPN status back to corporate servers, this transforms a local check into transmitted telemetry. The RKS Global findings suggest that developers are increasingly treating VPN detection as part of a broader device posture assessment, linking network configuration to identity and risk signals. That approach may shore up some anti‑fraud defenses but can also restrict legitimate privacy practices.
Marketplaces, social networks and messaging apps
For commerce and social services, the incentives differ but lead to similar outcomes: understanding the user environment helps with regional restrictions, fraud, and content moderation. The report lists apps that do not detect VPN use—among them Yandex Market, Yandex Food, Gosuslugi, Yandex Go, Dzen, Mail.ru Mail, MegaFon and Mir Pay—illustrating that this behaviour is not universal. Still, those services that do inspect and then forward findings to servers create centralized logs that could be used for analytics, enforcement or, in some contexts, compliance with external requests.
How the data is transmitted and technical notes
Beyond detection, the mechanics of what is sent are important. The researchers report that many apps send the VPN flag to their own backends, while a majority also upload either full or partial lists of installed apps. The Yandex Browser stood out as the only app among the thirty to specifically search for the Tor anonymity browser on a device. Meanwhile, Samokat and MegaMarket reportedly collect the full roster of installed VPN apps. These practices mean that a device’s privacy tools can become telemetry that organizations log, rather than purely local protections.
Technical implications and privacy risks
From a technical perspective, detecting a VPN can be achieved by examining system APIs, routing tables, or the presence of VPN packages, then bundling that result into standard analytics payloads. When this data leaves the device and arrives at a vendor’s servers, it can be correlated with account information, location, and usage patterns. The combination of a VPN flag plus an installed apps list increases the risk of deanonymization and targeted restrictions. For users who rely on privacy enhancing tools for legitimate reasons, these signals can undermine anonymity.
Regulatory pressure and editorial transparency
The context behind the uptick in VPN detection includes a regulatory push: Russia’s Digital Development Ministry required major internet platforms to limit access for users running VPNs by April 15, part of a broader effort to control how services are accessed. That policy demand helps explain why many high‑profile apps have added or intensified checks. At the same time, media organisations covering these developments aim for transparency. Meduza notes that this article was written by a journalist and translated from Russian using an AI model configured to meet editorial standards; every draft is reviewed by a human editor. If you spot translation errors, contact Meduza at [email protected], and consider subscribing to their English newsletter for exclusive coverage.