Sensor Tower Secretly Collecting Data From VPN and Ad-Blocking Apps on iOS and Android

[MacRumors]

Sensor Tower, an analytics platform that aggregates data on app downloads and usage for developers, has been secretly collecting data from millions of Android and iOS users who have installed popular VPN and ad-blocking apps, reports Buzzfeed News.

Luna VPN, one of the VPN apps owned by Sensor Tower that asked users to install an enterprise certificate​

These apps, which are owned by Sensor Tower, do not disclose that their user data powers Sensor Tower's analytics platforms. iOS and Android users have downloaded the apps more than 35 million times.

Some of Sensor Tower's 20 or more apps on iOS and Android include Adblock Focus and Luna VPN, with the former having been removed by Apple after Buzzfeed News alerted Apple's App Store team about the existence of the app. Free and Unlimited VPN and Mobile Data were also on the Google Play Store, but Google has since removed Mobile Data.

When installed, Sensor Tower's apps are designed to prompt users to install a root certificate, which lets Sensor Tower monitor all traffic and data passing through the phone. Sensor Tower bypasses Apple and Google's restrictions on root certificate privileges by requiring users to install the certificate through an external website.

Sensor Tower told Buzzfeed News that it collects anonymized usage and analytics data to determine the popularity, usage trends, and revenue of apps. Ownership of the apps was not disclosed due to "competitive reasons," according to Randy Nelson, head of mobile insights at Sensor Tower.

"When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense -- especially considering our history as a startup," he said, adding that the company originally started with the goal of building an ad blocker. (He was unable to provide media coverage or other evidence of this early focus.)

He went on to explain that many of the apps are now defunct or are "in the process of sunsetting," which Buzzfeed points out is because they were removed from Apple and Google's App Stores due to policy violations.

An Apple spokesperson confirmed that a dozen Sensor Tower apps had previously been removed from the iOS App Store due to violations. Both Google and Apple are continuing to investigate Sensor Tower's apps, and more information on Sensor Tower's data collection practices can be found over at Buzzfeed News.

iOS users should be wary of installing VPN and ad-blocking apps from unknown developers, and should avoid apps that ask for certificates to be installed.

Article Link: Sensor Tower Secretly Collecting Data From VPN and Ad-Blocking Apps on iOS and Android

 

[nylonsteel]

analytics - the new big brorther

 

[tongxinshe]

Lawyers to file class suite against Apple.

 

[cmaier]

Who is dumb enough to go to a third party website and download a profile, then, after seeing the warning iOS throws up, installing it anyway?

 

[69Mustang]

Who is dumb enough to go to a third party website and download a profile, then, after seeing the warning iOS throws up, installing it anyway?

Up to 35 million people apparently.

 

[Cosmosent]

I'd like to see Apple add two new Indicators to ALL app in the App Store:

1.) Collect NO User Data !

2.) Uses NO third-party frameworks !

If an app OR app update selects either one OR both, & is later found to be in violation of it, that App Dev loses ALL rights to participate in the App Store for THREE years !

BTW, regarding #1 above, some other MR member came up with that idea initially ... I'm just running with it because it is a very good idea !

IMO, this kind of stuff would have been implemented years ago if Phil Schiller wasn't in charge of the App Store ... I personally believe Apple needs to retire the dude ! ... I don't think he is qualified to even run a Hot Dog Stand at the local Park !

 

[len5]

Apple once again let's something pass into the Apps store and then after it's been there for a long time and collected tons of user data removes it from the App Store. haha

 

[cmaier]

Apple once again let's something pass into the Apps store and then after it's been there for a long time and collected tons of user data removes it from the App Store. haha

Apple can’t review profiles that users choose to download from a third party website.

 

[GeoStructural]

Apple once again let's something pass into the Apps store and then after it's been there for a long time and collected tons of user data removes it from the App Store. haha

And some people here would swear and die for Apple Store procedures.

Geez, I talked (not texted) to a friend about going to a Chiropractor and now all my ads are related to that. Yes, my phone is spying on me and Apple is doing nothing to prevent it.

The other day a friend also told me about meeting Daniel Radclife and guess what! then creepy YouTube is suggesting a video of Daniel Radcliffe meeting fans outside theater in New York.

 

[cmaier]

And some people here would swear and die for Apple Store procedures.

Geez, I talked (not texted) to a friend about going to a Chiropractor and now all my adds are related to that. Yes, my phone is spying on me and Apple is doing nothing to prevent it.

what are your subtracts related to?

 

[GeoStructural]

what are your subtracts related to?

Ads! Corrected. Thanks.

 

[WannaGoMac]

This is why I’ve started to delete many apps and use the mobile web site. At least with web site I can use blockers

 

[fairuz]

Installing a new root CA is the worst thing you could ever do, and regular users don't know what that means. Evidently Apple needs to make it harder.

 

[Dave-Z]

Installing a new root CA is the worst thing you could ever do, and regular users don't know what that means. Evidently Apple needs to make it harder.

As someone who installs my own root CA, Apple has made it harder. When I do it I've found that, even after installing the root certificate, by default third-party root CAs not enabled. You have to go to Settings > General > About > CAs > Toggle Enable > Accept the model dialogue prompt.

Short of not allowing them at all, I'm not sure what more Apple can do. There are valid reasons for installing them.

 

[Zahni]

I tried LUNA VPN on IPAD I don't get that Youtube-Popup. Something changed?

 

[scottishwildcat]

Apple can’t review profiles that users choose to download from a third party website.

They can’t, but it’s hard to believe that when reviewing any app whose purpose is to block or redirect your internet traffic, a human doesn’t at least run through the setup process once to see if anything looks fishy.

 

[Tech198]

"Free and Unlimited VPN"

Ideally, an app wouldn't be needed for that, just the VPN.

 

[macintoshmac]

Serious question, is MR just a news aggregator where people have to go elsewhere to get full and more information? The least this article could have to become meaningful is the list of apps to watch out for. Same happens when posting about Apple seeds, the articles never contain build information now as they used to.

 

[Mick-Mac]

I'm guessing this all started with people download another "free" app and then being just blown away that all the work and effort the developers put into that "free" app actually cost them something. When are people going to realize that nobody was put on this earth to make a living out of developing and maintaining products that they just give away to other people...

 

[maxfromdenmark]

I think it’s time to Apple should provide a safe and build in VPN service for Mac and iOS users. If Apple cares so much about our privacy as it saying.

 

[Rexogamer]

This isn’t “sensical” because “we’re an analytics company”, this is scummy. Share the fact you’re collecting this data!

But to be honest, having to install an *enterprise profile* to block ads is a bit silly, and people should’ve cottoned on.

 

[GeoStructural]

I think it’s time to Apple should provide a safe and build in VPN service for Mac and iOS users. If Apple care so much about our privacy as it saying.

And risk upsetting China? No way.