30.04.2026
3 min
157
Cloudflare classified the domain associated with the “national messenger” Max as spyware, although the service still has a valid TLS certificate and is available in app stores.
MAX Messenger has received a classification as “spyware” from Cloudflare. There is nothing normal about receiving a classification like this; in most cases it means an application (or website) is exhibiting some form of suspicious activity, either by its Domain Behavior or a risk to user privacy.
Despite being classified as “spyware,” however, Max Messenger can currently be downloaded from both the Apple App Store and Google Play. As well, it continues to function as expected. Therefore, we see an unusual circumstance where on one hand MAX Messenger appears to be legitimate and on the other hand it has received a warning from a large player in the Infrastructure Market space.
It’s hard to say why an application would receive a classification like this. However, this type of classification usually occurs when abnormal traffic patterns, anomalous data processing or other characteristics that could indicate surveillance or data collection occur. Although it doesn’t confirm the application is doing any actual surveillance, this classification certainly provides good cause to be cautious when considering whether or not to use it as you would with a standard messaging application.
We do have a historical example that illustrates what could potentially happen here. A while ago, Cloudflare had also labeled the unofficial Telega Client. After that happened things moved rapidly: The TLS Certificate issued to Telega Client was revoked and shortly thereafter the Telega Client was removed from the App Store. Representatives of Telega explained this away as simply a Bug in the Application but unfortunately their explanation did little to mitigate the consequences.
Following the removal of Telega Client from the App Store many iPhone Users began complaining about issues they were experiencing with their iPhones including device freezes at boot-up, slow load times and occasionally blocks. While some believed these problems were related to having Telega Client installed on their phone there was never any official determination made to support this claim.
As a result of what occurred with Telega Client we find ourselves interested in how the story of MAX will unfold. At this point all we have is a warning, however if events continue along the lines of what transpired with Telega Client then we can expect to see further action taken against MAX, including potential store restrictions, certificate revocations and/or complete removal from stores.
