Decompiled Russian govt “Social Monitoring” app reveals awful privacy violations
github.comTranslation of https://t.me/itsorm/1576
--
- The APP gets full set of permissions, GPS, camera, locations, phone access, settings
- All collected data is sent in full to the state-associated agency, no encryption, plain HTTP
- Some shady foreign SaaS is used for face recognition (identix.one)
- Developed by a contracting firm, and paid by the state
- MAC/IMEI are disclosed via an identification QR code