It might seem as a baffling shock when you come to know that the very applications that promised to secure your smartphone are doing just the opposite. I am referring to VPNs, and Ad Blocking apps that were meant to protect your personal data from the e-commerce giants and other marketing agencies are actually collecting that data and supplying it to them. This is rather a very strong allegation, and the base for such a claim comes from the BuzzFeed News which recently investigated products released by Sensor Tower, which is a well-known analytics platform for tech developers and investors.
The recently conducted investigation by Buzzfeed News has identified certain VPNs and Ad Blocking apps for Android and iOS to maintain records of user’s personal information and send it to the server located in Sensor Tower, an organisation, which offers cross platform data analytics service.
The prying apps include:
Luna VPN (Android and iOS)
Adblock Focus (Android and iOS)
Mobile Data (Android)
Free and Unlimited VPN (Android)
Also Read: Steps To Configure VPN Access On iOS
What Harm are These Apps Posing to my Device and How?
No app can gather user data until it has root access to the device’s files and folder. This access remains only with the default apps of Google and Apple and is not granted to any third-party apps. To get complete access to the files and folders of an Android or Apple smartphone is restricted by norms and policies of Apple and Google.
However, it is possible for apps to take advantage of a loophole and pass through the restrictive barrier. Sensor Tower’s apps bypass the constraints by encouraging users to install a certificate from a third-party website after an app is downloaded. This is accomplished by inculcating extra features in the app, which does not ask for these permissions while installing and running with limited functionality. Once installed, it then coaxes the users to opt for extra features and then ask for extra permissions to enable those features. One of those additional permissions includes root access, which most of us do not know what it is. For example, in the case of Luna VPN, the app offered an extra feature of blocking ads on YouTube which I might say are annoying, and in turn, asked for root access permission from the user to activate this feature.
The organisation in question here is Sensor Towers, which has been collecting data from over 35 million people to whom it has offered free ad blocking apps and VPNs. There is no visible connection between these apps and Sensor Tower, but it has been established that Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus are owned by Sensor Tower. All four of these apps were available for download on Google Play Store, and only two of them Adblock Focus and Luna VPN could be installed by Apple users from the App Store.
The current scenario after Buzzfeed published its investigation and contacted both Google and Apple is the fact that these applications are being surveyed upon and they continue to investigate. Apple has removed Adblock Focus from Apple App Store and Google has eliminated Mobile Data immediately.
Also Read: 5 Best Ad Blocker Apps on Android In 2020
What Does a VPN and Ad Blocking App Actually Do?
An Ad Blocking application is designed to block certain types of malware which intrude your device in the form of ads displayed and collect your personal information like Name, Phone number, Address, Banking information, along with your browsing history and pattern of purchase and send it to a server. The server then classifies the stored data and makes it ready for sale to the highest bidder. This data is then used for marketing purposes, and if the data falls into the wrong hands, then it can be used to derive your banking information and probably hack into accounts.
The same goes for a VPN service which masks your IP address with one of its own servers to protect your purchase history and browsing details from the user requested websites. However, if the details of the websites and webpages you clicked are being stored and sorted for sale to clients then the sole purpose of installing a VPN is not met. It would be better to surf the internet without one as you would at least know which website you have visited and what does it sell and advertise. For example, if you are interested in taking a professional course on management, it is natural to see advertisements of various universities and institutes which offer the course. What could be surprising is the fact that you begin to see a variety of ads relating to a Microwave Oven, something which you never searched for.
How did Buzz Feed Identify That These Apps were Harvesting Data?
The detailed techniques of the investigation conducted by BuzzFeed are not made public. But from the few details known, we have come to know that investigators first discovered that these apps contain a certain code which was authored by a few developers who worked for Sensor Tower. Digging a bit more, led to connection between personal websites, online resumes and other details of those developers and Sensor Tower.
On further investigation, the company accepted the fact that it only collects anonymized usage and analytics data, which is then used formarketing its products. As I mentioned earlier, Sensor Tower has an intelligence platform, which is used across the globe by developers, publishers, venture capitalists and others to find out the usage trends, popularity and revenue. Now, these trends cannot be just randomly created but have to be pulled out of real data and analysed. That is why the Sensor Tower created the apps in the first place.
This is not the first time Apple has removed an app from its App Store. Around a dozen of other apps, all traced to Sensor Tower were previously removed due to policy violations. This time the apps in question, namely Luna VPN and Adblock Focus were not directly linked to Sensor Tower.
What do Experts Say on Uninstalling VPNs and Ad blocking Applications?
From the quotes available on the BuzzFeed News, Amrando Orozco who works for MalwareBytes stated that any app that accesses the root permission of an Android device can pose as a significant threat to the user.
“Your typical user is going to go through this and think, Oh, I‘m blocking ads, and not really be aware of how invasive this could be,” he said.
On the other hand, Randy Nelson, who currently heads Sensor Tower’s mobile insights, said the company chose to keep the ownership of the apps hidden for competitive reasons.
“When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup,” he said.
Nelson assured Buzzfeed News that the company does not collect Sensitive data and other personal information of the users.
“Our apps do not track, request, or store any sensitive user data such as passwords, usernames, etc., from users or other apps on a user’s device, including web browsers,” Nelson said.
“We take the app stores’ guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time,” Nelson said.
Should I Uninstall My VPN and Ad Blocking Apps from My Mobile?
The first and most important task all of should carry out is to check if any of the above listed apps are installed on your devices. If yes, then please uninstall them as you read this article. There is a possibility that you might have not installed it from the Google Play Store or Apple Store due to unavailability and sideloaded them from a third-party source.
Remember these apps do not list their data tracking capabilities or their connection to Sensor Tower. There might many more which have not been tracked and are still gathering data from your devices. If you have any VPN or ad blocking apps installed on your computer, run a search on Google to check who the developer was. If it turns out to be Sensor Tower, then delete these apps immediately. Also, run a search for free apps on your device. You can be assured about the default apps by Google or Apple but other than that all free apps fall under suspicion.
Just ask yourself “Why would someone give me an app for free?”
While installing any new application, remember to check thoroughly what all permissions are being asked by the application and whether it requires these to function. For example, an ad blocking app needs to access your browser but not your files and folders. Similarly, a VPN does not require camera access for whatever it does and if you find that it asks you this unrequired permission then deny that and uninstall the application immediately.
While monitoring the permissions asked by application during installation, also take heed that the app does not ask for permission to root access. Granting this permission means the app can now directly access your entire phone’s data including files, folders, apps and something more dangerous – it can do whatever it wants on your device.
A Final Summary and Conclusion
To summarize, Buzzfeed has ingeniously discovered that certain apps collect data and use it for observing marketing trends and developing strategies. This data, when organized, turns into information and is sold to others who benefit analysing either the whole or some partial sections of this information. These customers then formulate their marketing strategies and are bound to be successful as they have a clear idea of what the customers are expecting.
I believe that each app should be thoroughly checked and reviewed before installation and this above investigation also strengthens my belief that we need to be careful about all the free things in our life.