Apple and Google fail to bar US-sanctioned companies from their app stores
The Apple App Store and Google Play Store are hosting dozens of apps with direct connections to US-sanctioned Russian, Chinese, and other companies, according to a report by the Tech Transparency Project.
The Tech Transparency Project (TTP) investigation identified 70 mobile apps in the Apple App Store and Google Play Store that are linked to US-sanctioned entities, some of which had tens of thousands of downloads.
These include Gazprombank and other Russian financial institutions propping up Moscow’s invasion of Ukraine, a Chinese paramilitary group linked to human rights abuses, and even a suspect involved in cocaine and methamphetamine trafficking.
The Apple App Store hosted 52 of the identified apps, while the Google Play Store had 18, with six apps appearing on both storefronts.
TTP scanned app stores for developers and descriptions matching names listed on the Specially Designated Nationals (SDNs) list by the Treasury Department’s Office of Foreign Assets Control (OFAC).
“Both companies say they comply with US sanctions, and Apple says it holds apps to the 'highest standards' of security. But the apps identified by TTP showed obvious signs of their connection to sanctioned companies,” TTP writes in the report about sanctioned firms.
“Because both companies charge a fee to app developers, they may also be engaging in financial transactions with sanctioned organizations in some cases,” the TTP report reads.
Apple removed 17 of the identified apps during the course of the research, and an additional 18 apps disappeared shortly after TPP provided Apple with a list of identified apps, leaving 17 apps still available.
Google removed 17 of the 18 apps identified, stating that it is “committed to compliance with applicable sanctions and trade compliance laws,” and takes appropriate action if accounts violate Terms of Service.
Some apps had over a million downloads
All of the apps detected on the Google Play Store were connected to sanctioned Russian organizations, including Gazprom, Russia’s state-controlled natural gas giant.
GorodPay, which described itself as a “unified digital service from Gazprombank that offers passengers convenience in using public transport (ground and metro),” had been downloaded more than 1 million times and had nearly 5,000 reviews.
“The app linked to a website that indicates it is part of “GPB Bank (JSC),” which matches one of the Gazprombank’s aliases listed by OFAC,” TTP writes.
Gazprom Pay, an app by Gazprombank, had accumulated over 500,000 downloads and an average rating of 4 stars among more than 2,000 reviews on Google Play.
In November last year, OFAC sanctioned Gazprombank, describing it as a “conduit for Russia to purchase military materiel for its war effort against Ukraine.” Russia utilizes the bank to pay its soldiers, including combat bonuses, and to compensate the families of Russian soldiers killed.
TTP found seven Gazprombank apps on Google Play in total, and four more apps were seemingly developed by or related to Gazprom Neft.
Meanwhile, the App Store had a more diverse selection of apps with direct connections to US-sanctioned entities. More than half of them (29) were for sanctioned Russian companies.
Four of them were connected to the Russian commercial bank Ural FD, which has been under OFAC sanctions since November 2024. Three apps had been downloaded more than 20,000 times each, according to AppMagic, an app analytics firm.
Three more mobile banking apps listed their seller as “VIETNAM – RUSSIA JOINT VENTURE BANK,” owned by Russia’s VTB Bank, both entities have been sanctioned by OFAC since February 2022.
“It is not clear why Apple’s review process missed these Russian banks. Since Moscow’s invasion of Ukraine in 2022, Apple has removed apps for a number of US-sanctioned Russian banks and limited access to banking and payment services for Russian users, drawing the ire of Russian antitrust regulators,” TTP acknowledged in the report.
Among the non-Russia-related apps, four apps had listed their developer as Chang Guang Satellite Technology Co., a sanctioned Chinese company. OFAC found that it provided high-resolution observation satellite imagery to the US-designated Russian private military company Wagner.
Seven other Chinese apps were linked to Xinjiang Production and Construction Corps Media Group Co., a Chinese paramilitary organization. OFAC sanctioned the organization for its role in human rights abuses against Muslim ethnic Uyghurs in China’s northwestern Xinjiang region.
“The apps were all multi-purpose, distributing official information and providing ways to access government services,” TTP said.
In the Uruguay version of the Apple App Store, two apps, the AS Wallet mobile payments app and the eBandes mobile banking app, were developed by Banco Bandes Uruguay. OFAC announced sanctions against this bank in March 2019 as part of an action against the regime of Venezuelan President Nicolás Maduro.
One financial app was associated with the International Bank of Yemen, which is controlled by Houthi militants.
Two apps, Skyda – Chats & VPN and Skyda eSIM: Travel Mobile Data, listed Dragon Secure GmbH as their seller and copyright holder. This Switzerland-based company, majority-owned by a Lithuanian national, Rokas Karpavicius, was sanctioned for narcotics trafficking and money laundering.
“While the Skyda chat app was free, it charged a fee of $4.99 for VPN service. Because Apple takes a cut of in-app purchases like this, it may have profited from this app beyond the annual developer fee,” the TTP report reads.
OFAC sanctions generally prohibit providing any services to the designated entities.
“Apple and Google may be violating Treasury Department sanctions by simply hosting these apps,” TTP concluded.
Unlock more exclusive Cybernews content on YouTube.
