VPN and ad-block apps with over 35 million downloads secretly harvested user data: Report

Hemani Sheth Mumbai | Updated on March 11, 2020

The apps do not disclose that they are owned by the company.   -  Getty Images/iStockphoto/HAKINMHAN

Analytics firm Sensor Tower, has been harvesting data collected from millions of people who have installed the firm’s VPN and ad-blocking apps for Android and iOS, according to a BuzzFeed News report.

The apps do not disclose that they are owned by the company. Sensor Tower’s VPN and ad-blocking apps have over 35 million downloads, the report said.

“These apps prompt users to install a root certificate, which lets its issuer access all traffic and data passing through a phone. Sensor Tower says it only collects anonymized data. Apple has booted 13 of these apps from its App Store over the years. Google just booted one,” tweeted Buzzfeed News’Craig Silverman (@CraigSilverman).

“A list of the apps. Only Luna VPN remains in the App Store as of now. Luna, Adblock, and Free and Unlimited VPN are still in the Play Store. Apple and Google continue to investigate,” he captioned the complete list of apps that were harvesting user data.

The company had at least 20 such apps on app stores, including VPNs and ad blockers. The main purpose of the apps was to collect app usage data using the root file in order to map out app trends and revenues. In simpler words, the company was able to track the apps that users visited the most based on the data collected from these apps.

Once installed, the apps prompt app users to install a root certificate. The root certificate is a small file that lets the certificate’s issuer access user traffic and data on a phone.

Sensor tower said that it only collects anonymous usage and analytics through its products, according to the BuzzFeed News report.

Sensor Tower’s app intelligence platform which includes data from these apps is leveraged by developers, venture capitalists, publishers who can track the popularity, usage trends, and revenue of apps, the report said.

Apple and Google restrict root certificate privileges. Sensor Tower’s apps bypass the restrictions as users are prompted to install a certificate through an external website post download.

This is not the first time that such apps have been used by companies to gather data. According to a TechCrunch report, Facebook through apps such as Onavo has been collecting app intelligence to track popular apps for its own app development process. Apple in 2018 had booted the platform from its App store.

Dozens of Sensor Tower apps have been previously removed from the iOS App Store for violations. After being alerted by Buzzfeed, Apple has removed Adblock Focus app. It is investigating more apps. Google has also removed the Mobile Data app, the report said.

Published on March 11, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like