An investigation has revealed that Sensor Tower, a tech platform that allows developers to gather usage data, has been collecting information about millions of users from apps such as VPNs and ad-blockers.
According to a BuzzFeed News investigation, Sensor Tower owned numerous other apps in the past five years, such as various VPN and ad-blocking solutions. While many of these apps are no longer in use, a lot of anonymized data was collected and still exists.
The problem resides with a root certificate that apps such as Free and Unlimited VPN or Adblock Focus were installing on users’ devices. Since installing root certificates, via the official app stores, is not permitted, the developer skirted the limitation by prompting users to install the certificate from a website.
“When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup,” said Randy Nelson, Sensor Tower’s head of mobile insights, trying to explain why they built apps this way.
He also said no personal data is collected from users and many of the apps owned by Sensor Tower no longer exists. As it turns out, many of the apps the company owned were actually removed from the official app store for various violations.
“We take the app stores’ guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time,” Nelson added.
There’s no indication that the practice of collecting data from such apps stopped, so users should seriously think about who they are giving personal information to, even if it’s technically anonymized.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: https://hotforsecurity.bitdefender.com/blog/some-vpn-apps-secretly-gather-anonymized-user-data-22458.html