Sensor Tower, a technology analytics firm, has been harvesting data from millions of users across iOS and Android through VPN and ad-blocking apps that the company secretly owns.
According to a new report from Buzzfeed News, Sensor Tower has an app intelligence platform used by developers, venture capitalists, and others to track usage trends and popularity of apps. Its apps ask the user to install a root certificate which gives it access to all data and traffic flowing into and out of the device.
Such methods are not only against app store policies but also expose users to hacking by creating the equivalent of a backdoor.
It’s wasn’t initially clear that the apps — which include Free and Unlimited VPN, Luna VPN, and Adblock Focus — were owned by Sensor Tower, nor were their users made aware that by using them they were exposing their data to potential risk.
Randy Nelson, Sensor Tower’s head of mobile insights, says that the company hid the fact that they owned the apps for competitive reasons, and that most of the apps being accused of data harvesting are now either “defunct” or “in the process of sunsetting.”
“When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup,” he said, adding that the company originally started with the goal of building an ad blocker.
According to an Apple spokesperson, a dozen of the apps owned by Sensor Tower have been previously removed from the iOS App Store due to violations. The company is continuing to investigate the apps from Sensor Tower that remain active on the App Store.