Cyber security news for all

More

    Sensor Tower is apparently behind a whole network of VPN apps

    Several ad blocker apps from the provider Sensor Tower secretly collect user data in the background. Sensor Tower has access to all user data on the smartphone via the apps. Apple has already removed two apps.

    Violation Of App Store Terms

    In total, there should be 15 apps. Most of them have already been removed from Apple’s App Store. Google has also removed some of the controversial apps. Because the apps violate the conditions of the app stores. BuzzFeed News reports that the apps come from Sensor Tower, a firm that bills itself as “the leading provider of market intelligence and insights for the global app economy.

    Users Should Install A Root Certificate When Installing The Apps

    The certificate grants access to all user data. Google and Apple prohibit these certificates for security reasons. However, Sensor Tower circumvents the regulations, since users should install the certificate via an external website and not directly via the app. In addition, it is not obvious to users that the apps belong to the company Sensor Tower and pass data on to them. The apps advertise to block ads on YouTube. It is currently still available in the Google Play Store and has been downloaded over thousand times.

    As already mentioned, Sensor Tower defends its approach because no sensitive data has been collected and everything has been anonymized. There is no cause for excitement, because most of the company’s criticized apps have already been discontinued or are in the process of saying goodbye. However, this was usually not done voluntarily, because, as Apple announced, around 15 apps from Sensor Tower have already been removed from the official app store in the past because they violate the guidelines.

    Apple and Google don’t want apps to handle root certificates. Sensor Tower circumvented this requirement by having the apps issue a prompt after the installation, which should then trigger the installation of a certificate via an external website. This whole matter is at least flimsy, partly because the connection to Sensor Tower was deliberately put in the background.

    Recent Articles

    KuCion crypto confirms 150 million dollar security breach

    Cyber criminals were able to steal from the KuCion crypto and stole coins worth millions. On the evening of last Friday, KuCion crypto noticed...

    Hungarian banks were the target of a massive DDoS attack

    Several banks and the Hungarian Telekom have been the target of a cyber attack. The attacks are said to have come in several waves...

    The source code of Windows XP is leaked

    The source code of Windows XP is currently freely accessible. The media says that data first appeared on 4chan and is currently being exchanged...

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox