20 popular VPN, ad-blocking apps caught spying on users
In a major shocker, at least 20 apps dedicated to VPN and ad-blocking services have been caught spying on their users. The programs - all built by analytics firm Sensor Tower - appeared to work just like other apps providing these services. But, in reality, they were mining data from their owners' phones. Here's all you need to know about it.
Apps gained access to web traffic and shared with owner
According to BuzzFeed News, the Sensor Tower apps, downloaded 35 million+ times, gained access to all traffic and data passing through several iOS and Android devices and shared that information with their owner. They redirected unsuspecting users to install a third-party root certificate that would bypass the restrictions put in place by Google and Apple's app stores and ultimately spy on their private traffic.
Everything happens without letting the users know
All the apps flagged by the outlet engaged in the same shady activity, without giving a hint to the users. Per BuzzFeed, the apps neither disclosed their "connection to the company (Sensor Tower)" nor revealed that they "feed user data" to its products. Notably, many of them were not even removed by Google and Apple for flouting their rules.
Now, Google and Apple have launched a crackdown
Following the report, Apple and Google took down most of the apps in question and launched an investigation into the ones that were allowed to stay on their respective app stores. Prior to this, BuzzFeed's Craig Silverman said, Apple had removed around 13 of the shady Sensor Tower apps over the years, while Google had pulled just one.
Sensor Tower says it only collected anonymized data
Meanwhile, Sensor Tower head of mobile insights Randy Nelson told BuzzFeed that they never mined personally identifiable or sensitive information like passwords/usernames. "We take the app stores' guidelines seriously and make a concerted effort to comply with them, along with any changes to these rules," he said while noting that many of these apps were either already removed or being killed-off.
