Sensor Tower, an analytics platform that aggregates data on app downloads and usage for developers, has been secretly collecting data from millions of Android and iOS users who have installed popular VPN and ad-blocking apps, reports Buzzfeed News.
These apps, which are owned by Sensor Tower, do not disclose that their user data powers Sensor Tower's analytics platforms. iOS and Android users have downloaded the apps more than 35 million times.
Some of Sensor Tower's 20 or more apps on iOS and Android include Adblock Focus and Luna VPN, with the former having been removed by Apple after Buzzfeed News alerted Apple's App Store team about the existence of the app. Free and Unlimited VPN and Mobile Data were also on the Google Play Store, but Google has since removed Mobile Data.
When installed, Sensor Tower's apps are designed to prompt users to install a root certificate, which lets Sensor Tower monitor all traffic and data passing through the phone. Sensor Tower bypasses Apple and Google's restrictions on root certificate privileges by requiring users to install the certificate through an external website.
Sensor Tower told Buzzfeed News that it collects anonymized usage and analytics data to determine the popularity, usage trends, and revenue of apps. Ownership of the apps was not disclosed due to "competitive reasons," according to Randy Nelson, head of mobile insights at Sensor Tower.
"When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense -- especially considering our history as a startup," he said, adding that the company originally started with the goal of building an ad blocker. (He was unable to provide media coverage or other evidence of this early focus.)
He went on to explain that many of the apps are now defunct or are "in the process of sunsetting," which Buzzfeed points out is because they were removed from Apple and Google's App Stores due to policy violations.
An Apple spokesperson confirmed that a dozen Sensor Tower apps had previously been removed from the iOS App Store due to violations. Both Google and Apple are continuing to investigate Sensor Tower's apps, and more information on Sensor Tower's data collection practices can be found over at Buzzfeed News.
iOS users should be wary of installing VPN and ad-blocking apps from unknown developers, and should avoid apps that ask for certificates to be installed.
