"An analysis by NCSC showed that the app, via encrypted communication channels, regularly connected to and maintained an active connection with 11 unique IP addresses, ten of which belong to the Russian Federation," the center said.
"Data transmission is carried out cyclically," it said.
The center reiterated its recommendation to Lithuanian users not to download the app, which it said requires access to a large amount of sensitive user data and permission to use functions of the device it is installed on.
The analysis found that the app was qualitatively made and properly optimized and that it uses encrypted channels and standard protocol ports for data transmission.
The center said, however, that Yandex.Taxi is capable of connecting, at various times and via encrypted channels, to addresses in different Russian regions, both on standby and when active.
It also made a general warning that malware can be used to steal money and confidential information, and for other purposes, such as spying, blackmailing or cyber-attacks.
Vilnius' local authority and a Lithuanian lawmaker has turned to the State Security Department over the Yandex.Taxi car-booking service, which was launched in the Lithuanian capital on July 26.
Netherlands-based Yandex.Taxi BV, which administers the app, has told BNS that it "processes and stores data of EU users strictly according to EU regulations".