Researchers have found some popular adblocking and VPN apps stealthily pilfering users’ data. These apps link back to the data analytics firm Sensor Tower.
Adblocking And VPN Apps Stealing Data
BuzzFeed News has recently unveiled a malicious campaign targeting Android and iPhone users. In an investigation, they found numerous adblocking and VPN apps stealthily stealing users’ data. Further investigations established a link between the apps and the data analytics firm Sensor Tower.
As elaborated in a post, the suspicious apps were present on both Google’s Play Store and Apple’s App Store. The apps that did not specifically state their link with the firm, boasted over 35 million downloads.
Sensor Tower, a data analytics firm, owned around 20 such apps since 2015, which they continued to use for secretly harvesting users’ data. For this, the apps would install a root certificate on the target device.
Once installed, Sensor Tower’s apps prompt users to install a root certificate, a small file that lets its issuer access all traffic and data passing through a phone.
While both Google and Apple restrict root certificate privileges, the firm bypassed the limitations by urging users to download the certificate from an external website.
Though, the company’s head of mobile insights, Randy Nelson, assured that they do not collect any sensitive data. Installing root certificates is itself a suspicious and potentially malicious act that risks the security of users, according to Armando Orozco of Malwarebytes.
Some Of The Apps Removed
According to BuzzFeed News, Nelson confirmed that many of the data harvesting apps are already defunct.
The vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting.
The report also assures that Google recently removed four such apps, Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus, which were present on the Play Store. Likewise, Apple also removed two of these apps, Adblock Focus and Luna VPN, from the App Store.
The tech giants already removed dozens of such apps earlier for policy violations.
Once again, the story reiterates the need for vigilance from users when choosing free apps to use, especially VPNs. Both Android and iPhone users must remain very careful when installing apps to their devices regardless of the app ratings or userbase.
Recently, researchers also found multiple vulnerabilities in top free Android VPN apps that threatened users’ security.
Let us know your thoughts in the comments.