Just yesterday, everyone was talking about how the MAX messenger was recognized as spyware because Cloudflare placed the corresponding label on the max.ru domain. Exactly 24 hours later, today, May 1, the label was removed. MAX carried the spyware status for one day and is now clean again. Let me break down what happened, how convincing VK’s explanation is, and whether anything fundamentally changed about the national messenger.

Rejoice: MAX is no longer spying, according to Cloudflare

Why MAX Was Recognized as Spyware

On April 30, 2026, it became known that Cloudflare (one of the world’s largest hosting providers and CDNs) labeled the max.ru domain as spyware. This isn’t just a reputational issue: a significant portion of global internet traffic passes through Cloudflare’s infrastructure, and such a label means that corporate networks, browsers, and antivirus solutions begin treating the domain as potentially dangerous.

The Cloudflare label appeared against the backdrop of already documented facts about the app's behavior.

There were plenty of reasons to label the MAX app this way. Research from March 2026 documented that MAX monitors VPN use: it analyzes the network environment and determines whether a VPN is enabled on the device. Additionally, the messenger establishes connections to competitors’ servers, presumably to analyze the effectiveness of their blocks.

MAX’s Response to Being Recognized as Spyware

The MAX messenger press service responded promptly. VK’s official position:

The classification as “spyware” was caused by an incorrect interpretation of request headers to ordinary web analytics services on the max.ru website.

In simpler terms: according to VK, Cloudflare simply misread technical requests from standard web analytics tools and mistakenly identified them as spyware activity. No malicious intent, no surveillance — just an algorithm that misinterpreted the data.

The spyware label has been removed! Rejoice!

It sounds plausible, but only partially. Web analytics does indeed sometimes trigger security systems, and technically such a scenario is possible. The real question is different: the documented VPN tracking by MAX and its connections to competitors’ servers are not web analytics. These are separate facts that haven’t gone anywhere and that MAX’s press service didn’t address in its explanation.

Why Cloudflare Removed the Spyware Label from MAX

Checking MAX through Cloudflare yielded a new result on May 1: the label was removed. The exact reason was not officially announced, since Cloudflare does not publish detailed explanations for each case of label reassessment. But there are several possible scenarios. Either VK contacted Cloudflare with a review request and provided technical justifications — this is a standard procedure for contesting labels. Or Cloudflare’s algorithms truly made an error, a subsequent check revealed it, and the label was removed automatically. Or a combination of both.

In the latest report, there is no spyware label

The MAX spyware label ultimately lasted exactly 24 hours. This indicates either that the labeling was indeed erroneous (and VK is right), or that the company had sufficient resources to quickly resolve the issue with one of the world’s largest internet providers. Both options are technically possible. Distinguishing one from the other without internal correspondence is impossible. MAX and Cloudflare played a short game: label on, label off. The story appears closed. But the question is whether it’s closed on the merits.

Is It Dangerous to Use MAX on Android in 2026?

The removal of the Cloudflare label hasn’t fundamentally changed anything. MAX’s safety is determined not by what a hosting provider’s algorithm thinks about the domain, but by how the app itself behaves on the device.

The former threat of MAX hasn’t gone anywhere

Facts that were documented before the labeling and remain relevant after its removal:

  • MAX tracks users’ network activity (the app determines whether a VPN is being used);
  • MAX’s privacy policy provides for data transfer to third parties, including government agencies;
  • the app establishes connections to competitors’ servers (this has been documented by independent researchers);
  • background eavesdropping through the microphone by MAX has not been confirmed, but the app’s network activity goes beyond what a regular messenger needs.

The danger of MAX for the average user is not a virus threat. It’s systematic collection of data about network behavior. The Cloudflare labeling was a reason to remember this. Its removal is a reason not to forget.

MAX on Android is still needed by those who use it for Gosuslugi, Sferum, or family chats. For these tasks, it seems like a reasonable tool. As a primary messenger for sensitive conversations — no. My opinion on this matter hasn’t changed. The 24-hour Cloudflare labeling and its removal haven’t affected these conclusions in either direction.