Key Takeaways:
- Roskachestvo analysis flags a number of festive apps as risky, highlighting excessive permissions and background access.
- Russian mobile app security concerns include camera and microphone access, continuous background operation and file access.
- High risk apps include “Ded Moroz Zvonit na Russkom” and Santa Videocall; users are advised to remove such apps after the holidays and avoid public Wi‑Fi.
Roskachestvo’s Centre for Digital Expertise has warned Russian users about a wave of New Year themed mobile applications that request excessive digital permissions and may expose personal data. The consumer protection body, cited by RIA Novosti, said many festive apps seek unnecessary access to devices, increasing risks for users.
Russian mobile app security risks to watch
The Centre found that several popular seasonal programmes request broad internet access, the ability to run services in the background, to prevent the device entering sleep mode, and to access files and shared storage. In one case a single application requested 36 permissions, including file access, auto-launch and constant background operation.
Experts flagged as particularly risky applications titled “Ded Moroz Zvonit na Russkom” and “Santa Videocall”. A second group with medium risk included “New Year fake call and chat”, “Christmas Photo Editor”, “Photo Frame” and “Photo Booth”. Live Wallpaper and Decorations were assessed as presenting a moderate risk.
The report identified some permissions as more concerning than others. Access to the camera and microphone, the ability to record audio and video, auto-launch at device startup, the ability to alter or delete data, and access to the phone’s status all featured among the most dangerous requests. While most of the studied apps declared that they did not include trackers, the absence of declared trackers does not guarantee that data is not transmitted.
Data can still be sent directly to a developer’s server or transmitted via unsecured requests. The analysis noted that some apps collect information about usage time, technical parameters of the device, and links to downloadable elements such as frames, images, animations and sounds. The researchers did not find evidence of harvesting passwords, SMS messages, contacts or banking details.
Consumer specialists recommended a series of practical steps for users. They advised uninstalling New Year applications immediately after the holiday period. Users should avoid running such apps on public Wi‑Fi networks and should not install them on children’s devices without first checking the permissions requested. Careful review of permissions before installation can reduce exposure to unnecessary risk.
Security commentators emphasise that the presence of broad permissions is often a sign of poor design or intrusive behaviour. Even where an app appears harmless, granting it continuous background access or unrestricted internet connectivity can enable data collection that users did not intend to permit.
Roskachestvo’s findings are part of a wider trend of regulators and consumer groups urging caution around seasonal and novelty applications. As the holiday season encourages downloads of themed software, users are being reminded that convenience can come at the cost of privacy and device security.
For now the clear advice from the Centre for Digital Expertise is simple. Only install festive apps from trusted sources, scrutinise the permissions they request, avoid using them on open networks and remove them once they are no longer needed.
