Intro
Hello everyone!
My first article about MAXbecame very popular—over 220k views and more than 300 comments. Many people referenced it in their reviews, and some articles, although not linking to it, were obvious clones. All this confirms that the topic of the "National Messenger" is interesting and the interest in it is not fading yet.
In the first article, I promised a second one—about what requests the MAX mobile app sends and where. I certainly delayed its release for a long time, and many of you wrote me messages like "When is it coming???...", but there were reasons for that, and honestly, I wouldn't have released it at all to avoid disappointing you, but since I promised....
Let's look into the reasons for my disappointment. But first, some introductory points again, to remove any doubts about my impartiality:
Introductory points:
I have absolutely no connection to the companies creating and developing the MAX messenger;
This article is not an advertisement. I am not calling you to do anything, not encouraging you, etc. This article is the result of my personal curiosity and an attempt to answer questions for which I could not find answers in other sources;
Before this experiment, I had never installed or used MAX;
I am conducting the entire experiment on my personal primary Android smartphone, which I have been using constantly for the last 2 years—a Samsung S22 Ultra with Android 15 and One UI 7.0. I installed MAX from RuStore on August 19, 2025. The MAX version at that time was 25.8.1 from August 13, 2025. The current version is 25.11.0;
I am not an Android expert, I don't know its architecture very well, and I don't have a deep understanding of the principles of its security stack, network stack, etc.
Analysis Tool
I decided to conduct the observations using the AdGuard app, which works as a proxy and routes all device traffic through itself, blocking ads and requests to various trackers, etc. It's convenient because you can then visually check the statistics for a specific application—where and when it connected and what requests were sent. The version of AdGuard I'm using is the latest, 4.11.63 (one update was released from version 4.10.65 during the observation period). I should mention right away that I set the maximum blocking settings in the app and even installed the suggested HTTPS certificate to be able to filter encrypted traffic.
I conducted the research in stages. I designed them specifically to cover the largest number of cases.
Results
First 24 hours — installed the app but didn't launch it
Yes, this is the exact case I decided to start with. What happens if you just download the app and don't launch it? At first, everything was empty. After restarting the phone, the first network requests appeared. One request to Google Firebase, and a second one—some kind of internal request.
The size of the requests indicates that nothing large (neither my contacts, nor my photos, etc.) was "leaked" in this case. 24 hours after installing the app, nothing new appeared.
Second day — Launched the app but did not complete registration
It was time to launch it, but it had little effect:
It should be noted that I again waited honestly for 24 hours. I waited and hoped that the application would start some network activity, but no, nothing happened.
Third day — Completed registration but did not use the main functionality (chats and calls)
Registration increased the traffic. I gave the app access to contacts, the camera, and the microphone, but again, I didn't see anything suspicious. Moreover, AdGuard did not detect a single tracker in MAX.
From that moment on, I started waiting and hoping for at least some anomaly, something that would stand out from the overall dull picture. But no, nothing...
More than 30 days after installing and using the app
I made all kinds of calls, wrote in chats, connected Sferum, and all I achieved is in the screenshot above. That's why I didn't release this article for a long time, because it's boring. For comparison, here's an example of what WhatsApp constantly does:
You have to agree, its network activity looks much more suspicious.
Conclusion
I didn't see anything anomalous in MAX's network traffic, although, like many of you, I was expecting something unusual. Here's what my TOP apps by requests over 30 days looks like:
Even Telegram is more interesting to analyze, and what's more—even MES is more suspicious than MAX in terms of network requests. In short—that's why I'm disappointed, it's not what I expected. But as they say, facts are facts.
Give me a like at least for the effort and write some comments—what do you think about this? And come join me on Telegram!