An investigation by BuzzFeed has found at least 20 free VPNs and Ad-blockers by Sensor Tower have been secretly spying on users’ phones.
The free VPNs and Ad-blockers (Android and iOS) are all Sensor Tower developed and have over 35 million downloads.
Sensor Tower, founded in 2013, is app analytics, competitive app intelligence and App store optimisation service for developers and publishers. More at Wikipedia here.
In simple English, it gathers data on apps, and it collects that from you! Developers’ embed Sensor Tower trackers in apps. Sensor Tower embeds trackers throughout the internet.
There are many competitors – App Annie, Amazon PinPoint, Flurry, Mobile DevHQ, Adobe Analytics, SmartLook and even Apple and Google app store and analytics.
We make the point that these apps should harvest non-personally identifiable data for the stated purpose – to improve app performance and ratings.
It appears Sensor Tower overstepped the mark
Since 2015, Sensor Tower has owned at least 20 Android and iOS apps. Four of these — Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus — were recently available in the Google Play store. Adblock Focus and Luna VPN were in Apple’s App Store. Apple removed Adblock Focus and Google removed Mobile Data after being contacted by BuzzFeed News. The companies said they continue to investigate.
Once installed, Sensor Tower’s apps prompt users to install a root certificate. This is a small file that lets its issuer access all traffic and data passing through a phone. The company told BuzzFeed News it only collects anonymised usage and analytics data, which is integrated into its products. Sensor Tower’s app intelligence platform is used by developers, venture capitalists, publishers, and others to track the popularity, usage trends, and revenue of apps.
What is wrong with this?
We are not accusing Sensor Tower of collecting personally identifiable information. Still, by not disclosing it owned these apps and disguising them as VPN or Ad-blockers then it is deceptive.
Internet privacy is an oxymoron.
At a minimum
- Never install a free app without reading its privacy agreement
- Do not give an app access to contacts, mail or any other private information
- Never use Facebook, Twitter, Apple ID, Google or other social media to sign into other supposedly unconnected sites (single sign-on)
- Sign out of any browser logins before browsing
- Use In-private Windows for browsing
- Run AdBlock Plus, Ghostery, DoNotTrackMe, or similar
- Use in private browsing mode and privacy settings to maximum
- Use Shutup10 and turn everything off except Windows Updates
- Clean your tracks daily with Wise Disk Cleaner (Windows)
- Use a proper, paid VPN