Popular VPN and ad-blocking apps are secretly harvesting user data
#1
Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.

Since 2015, Sensor Tower has owned at least 20 Android and iOS apps. Four of these — Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus — were recently available in the Google Play store. Adblock Focus and Luna VPN were in Apple's App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. The companies said they continue to investigate.

Once installed, Sensor Tower's apps prompt users to install a root certificate, a small file that lets its issuer access all traffic and data passing through a phone. The company said it only collects anonymized usage and analytics data, which is integrated into its products. Sensor Tower’s app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps.

Quote:Armando Orozco, an Android analyst for Malwarebytes, said giving root privileges to an app exposes a user to significant risk. 

“Your typical user is going to go through this and think, Oh, I‘m blocking ads, and not really be aware of how invasive this could be,” he said.


Randy Nelson, Sensor Tower’s head of mobile insights, said the company did not disclose ownership of the apps for competitive reasons.


Quote:“When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup,” he said, adding that the company originally started with the goal of building an ad blocker. (He was unable to provide media coverage or other evidence of this early focus.)

Nelson said the company’s apps do not collect sensitive data or personally identifiable information and that “the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting.”


In most cases, the apps are no longer available because they were removed due to policy violations. A dozen of the Sensor Tower apps were previously removed from the iOS App Store due to violations, according to an Apple spokesperson. Apple removed Adblock Focus and said it is continuing to investigate Luna VPN.

Google is investigating the apps but did not comment by deadline.

Quote:“We take the app stores’ guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time,” Nelson said.


Apple and Google restrict root certificate privileges due to the security risk to users. Sensor Tower’s apps bypass the restrictions by prompting users to install a certificate through an external website after an app is downloaded.

Luna VPN, for example, shows a notification that offers the ability to block ads on YouTube if a user adds the Adblock extension, another Sensor Tower product. This kick-starts a process that results in a root certificate installation.

Quote:“Our apps do not track, request, or store any sensitive user data such as passwords, usernames, etc., from users or other apps on a user’s device, including web browsers,” Nelson said.


BuzzFeed News connected the apps to Sensor Tower by discovering they contain code authored by developers who work for the company.

Quote:The online résumé of one Sensor Tower developer, whose GitHub username is in the code of multiple apps, said he built "Android apps to power the Sensor Tower analytics platform." The personal website of another Sensor Tower developer said he’s “Working on awesome top secret iOS Projects.”





https://www.buzzfeednews.com/article/cra...nsor-tower
Reply
#2
Anything to do with Mobile phones and using the internet on a mobile or smart phone is bad news.  I've thought this for years now, me personally I avoid all that carry on.  I'm not really into phones and don't care at all.  I would rather have a better set up instead and avoid all this 'on the go' mobile internet.

You use a phone and this is the kind of thing you expect to happen.  Gathering data and collecting information I'm not surprised in the slightest.  Get yourself a decent set up and ditch the phone thing.  Phones are designed to be exposed and have been now for at least the last 10 years and more.

If you want to be like all the rest of the sheep out there then keep using your smart phone and enjoy being monitored very often.
Reply
#3
Google and Android have a monopoly on mobile systems.

And I trust neither. Dont even have a google account on Android.

Give me a desktop or laptop over a phone anyday.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Express VPN & AT&T new wifi boothill 1 1,600 Nov 27, 2024, 16:09 pm
Last Post: LZA
  VPN mandatory? Puckje 7 10,984 Oct 27, 2024, 12:41 pm
Last Post: wdc
  I busted Windscribe (A VPN) Ladyanne3 7 14,926 Oct 15, 2024, 03:12 am
Last Post: Aera23
  free VPN anyone? Kazz55 8 4,362 Oct 14, 2024, 23:53 pm
Last Post: GalaxyDoge72
  BitTorrent Blocklists Are Even Less Effective Than Pirate Site Blocking Ernesto 9 47,333 Jun 09, 2024, 12:18 pm
Last Post: reeboker



Users browsing this thread: 1 Guest(s)