Cyber security news for all


    Sensor Tower is apparently behind a whole network of VPN apps

    Several ad blocker apps from the provider Sensor Tower secretly collect user data in the background. Sensor Tower has access to all user data on the smartphone via the apps. Apple has already removed two apps.

    Violation Of App Store Terms

    In total, there should be 15 apps. Most of them have already been removed from Apple’s App Store. Google has also removed some of the controversial apps. Because the apps violate the conditions of the app stores. BuzzFeed News reports that the apps come from Sensor Tower, a firm that bills itself as “the leading provider of market intelligence and insights for the global app economy.

    Users Should Install A Root Certificate When Installing The Apps

    The certificate grants access to all user data. Google and Apple prohibit these certificates for security reasons. However, Sensor Tower circumvents the regulations, since users should install the certificate via an external website and not directly via the app. In addition, it is not obvious to users that the apps belong to the company Sensor Tower and pass data on to them. The apps advertise to block ads on YouTube. It is currently still available in the Google Play Store and has been downloaded over thousand times.

    As already mentioned, Sensor Tower defends its approach because no sensitive data has been collected and everything has been anonymized. There is no cause for excitement, because most of the company’s criticized apps have already been discontinued or are in the process of saying goodbye. However, this was usually not done voluntarily, because, as Apple announced, around 15 apps from Sensor Tower have already been removed from the official app store in the past because they violate the guidelines.

    Apple and Google don’t want apps to handle root certificates. Sensor Tower circumvented this requirement by having the apps issue a prompt after the installation, which should then trigger the installation of a certificate via an external website. This whole matter is at least flimsy, partly because the connection to Sensor Tower was deliberately put in the background.

    Recent Articles

    Related Stories