A Convenient Outrage
On June 25, 2026, Apple removed six of Russia's most-used applications — VKontakte, VK Music, VK Messenger, VK Video, Odnoklassniki, and Mail.ru — from its App Store, citing sanctions compliance. The company told BBC News Russia that it follows the laws of the jurisdictions in which it operates, but declined to name the specific regulations involved. The likely trigger: VK CEO Vladimir Kiriyenko, son of a senior Kremlin official, has been under U.S., EU, and UK sanctions since 2022 following Russia's full-scale invasion of Ukraine.
Russia's Foreign Ministry spokeswoman Maria Zakharova was swift with the verdict: "political censorship." Kremlin spokesman Dmitry Peskov told users to "switch to other operating systems," and the Ministry of Digital Development called the move politically motivated. VK itself insisted it had never appeared on any sanctions list and had long provided Apple with legal opinions to that effect.
This complaint is not without a kernel of legitimate grievance. VK, as a company, has never been placed directly under Western sanctions — the liability runs through its CEO, not its products. Apple's removal therefore amounts to guilt-by-association: a technology decision driven by a legal reading of corporate control rather than any direct finding against the company's services. VKontakte and its affiliated platforms serve tens of millions of users daily, filling roles comparable to Facebook, YouTube, Spotify, and email combined in the Russian market. Disrupting access is a real harm to ordinary people who had no say in who runs their preferred social network.
But that complaint collapses quickly under scrutiny of what Russia itself has been doing to the very platforms it now claims to defend.
Russia's Own Digital Censorship Architecture
Four months before accusing Apple of censorship, Russia blocked WhatsApp. On February 12, 2026, Roskomnadzor confirmed the block, with Kremlin spokesman Peskov citing WhatsApp's "reluctance to comply with the norms and letter of Russian law" — specifically, its failure to store Russian users' data on domestic servers and its refusal to suppress content authorities flagged as criminal or terrorist. WhatsApp described the action as Russia's attempt to "fully block" the platform.
The same period brought throttling of Telegram, following years of restrictions on YouTube, Facebook, Instagram, and Twitter. In their place, the Russian government promoted Max — a state-backed messaging application that, unlike WhatsApp or Signal, lacks end-to-end encryption and openly shares user data with authorities upon request. Max reached 70 million monthly users by December 2025. This is the digital sovereignty playbook in action: pressure Western platforms until they either comply with surveillance mandates or exit, then fill the vacuum with domestically controlled alternatives that offer users privacy from everyone except the state.
When Apple removed the state-backed Max from its App Store in early June 2026 — before the broader VK removal — there was no Foreign Ministry statement about censorship. The selectivity is instructive.
While Complaining, Spying
Three days after the VK apps were pulled, on June 29, 2026, the U.S. State Department's Rewards for Justice program announced a $10 million bounty for information identifying members of two Russian intelligence-linked hacking groups: UNC5792, tied to the FSB Border Guards, and UNC4221, associated with Russian military intelligence.
According to a June 26, 2026, advisory from the FBI's Internet Crime Complaint Center (IC3 Advisory PSA260626), these groups have run sustained phishing campaigns targeting Signal and WhatsApp accounts belonging to current and former U.S. and NATO government officials, diplomats, defense and intelligence personnel, journalists covering Russia and Ukraine, and NGO workers supporting Ukraine. Thousands of individual accounts have been compromised.
What makes the campaign particularly insidious is its technical evolution. Rather than breaking the encryption itself — which remains robust — UNC5792 and UNC4221 have shifted to stealing Backup Recovery Keys. Attackers impersonate Signal or WhatsApp support agents, then trick users into backing up their messages and surrendering the resulting key. Once obtained, that key enables access to historical messages, private and group chats, and full account takeover. Critically, compromised Backup Recovery Keys remain valid even if victims create new accounts using the same phone number, giving Russian intelligence persistent access that survives standard countermeasures.
"RIS cyber threat actors can view the account's historical messages, private and group messages, and take over the victim's account." — IC3 Advisory PSA260626, June 26, 2026
Journalists in the Crosshairs
The target categories in the IC3 advisory are not random. They precisely overlap with the categories Russia's domestic legal system has been prosecuting. The Committee to Protect Journalists documented 27 journalists imprisoned in Russia on criminal charges since February 24, 2022. Russian authorities have issued criminal cases citing Telegram posts, fined journalists for failing to label social media content with "foreign agent" designations, and raided newsrooms. When an FSB-linked group compromises the Signal account of a journalist's contact, the resulting intelligence doesn't stay in a server farm — it feeds the domestic repression apparatus.
The Backup Recovery Key technique amplifies this risk. A single successful social engineering attack can expose months or years of protected communications, implicating not just the compromised account holder but every source, colleague, and contact they've corresponded with. This is the mechanism behind what rights groups have called "digital arrests": surveillance of encrypted channels providing the evidentiary foundation for physical detention.
The Squeeze Play
The strategic picture is now complete. Russia blocked WhatsApp, throttled Telegram, and pushed Max — a platform that provides zero privacy from the state. Simultaneously, its intelligence services have been systematically harvesting the accounts of those who continued to rely on encrypted messaging despite official pressure to abandon it. When Apple removes VK under a sanctions framework, Russia invokes the vocabulary of platform neutrality and free expression that it has spent four years systematically dismantling at home.
Proportionate regulation requires proportionality from all actors. The argument that companies should not become tools of geopolitical coercion — that sanctions enforced through app store removal can harm ordinary users who bear no responsibility for their CEO's political connections — deserves serious engagement in multilateral forums. Secondary sanctions and extraterritorial enforcement remain contested ground in international economic law, and the VK case illustrates how blunt these instruments can be.
But that is an argument that cannot be made with any credibility by a government simultaneously running a $10 million-bounty-warranting espionage campaign against the very encrypted platforms it now claims others are censoring. The Kremlin's complaint about Apple's VK removal is real. The Kremlin's standing to make it is not.