0 min left

Popular VPN and Ad-Block Apps Harvesting Your User Data

Image Source: Pixnio

If you use a VPN or an ad-blocking app on your cell phone, you may have unwittingly given a third-party company access to your user data and everything else that you do on your phone — though the company that runs these apps (there are about 20 of them) denies that this is the case and nothing is kept.

Analytics platform company Sensor Tower owns 20 or more VPN and ad-blocking apps available for both iPhone and Android devices—and chances are, if you’ve used one of them, you’ve unknowingly had your data and personal information collected. According to a report by Buzzfeed News, some of the more popular apps include Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus. They’ve collectively had more than 35 million downloads.

The apps don’t mention anywhere within that they’re owned by Sensor Tower which though Randy Nelson, Sensor Tower’s head of mobile insights, says is a reasonable expectation.

“When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense—especially considering our history as a startup,” he told BuzzFeed News, which was unable to find any proof that the company was originally an adblocker start-up like Nelson then claimed.

How Do These Apps Collect User Data?

Here’s how the company does it. When you install the app, you’re prompted to install a root certificate. This allows whatever company owns the app to collect every piece of data running through your phone, a pretty invasive thing to unknowingly allow a company to do.

“Your typical user is going to go through this and think, ‘Oh, I’m blocking ads,’ and not really be aware of how invasive this could be,” Android analyst for Malwarebytes Armando Orozco told BuzzFeed News.

How Has Sensor Tower Responded?

According to Nelson, the company doesn’t collect sensitive data, nor does it attach any data it does collect to personal information. He also told BuzzFeed News that “the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting.”

But BuzzFeed found discrepancies in this statement, learning that most of the apps removed from the stores were removed because of policy violations. Which, according to Nelson, is just part of business.

“We take the app stores’ guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time,” he told BuzzFeed News.

3 Comments
A
anabolism March 20, 2020

Installing a root certificate isn't what gives apps access to all data sent and received. Being a VPN does that. The whole point of a VPN is that all data sent and received goes through the VPN. That's what VPNs do.

A
AJNEDC March 18, 2020

It is time legislation be passed with severe penalties. This invasion of privacy must stop.