After an investigation by BuzzFeed News, Apple has pulled certain VPN and ad-blocking apps from its App Store. The apps were found to be collecting data and sending it to an analytics firm - without the user's knowledge.
That firm is Sensor Tower, which also owns the offending apps. However, as a user you wouldn't know that they were connected to Sensor Tower as the relationship was kept hidden.
The company has around 20 Android and iOS apps which have been downloaded around 35 million times. Four of them were recently on the Google Play store:
- Free and Unlimited VPN
- Luna VPN
- Adblock Focus
- Mobile Data
Google has removed the latter, and Apple removed Adblock Focus from the Apps Store. Both are investigating Sensor Tower's other apps, including Luna VPN. Apple had already pulled around a dozen of Sensor Tower's apps because they violated privacy policies.
This was because they install a so-called 'root certificate' which gives the app access to usage data, such as which apps you use, as well as potentially sensitive information. Usually, apps which request root access are banned from app stores, but Sensor Tower's apps got around this by prompting them to do something once the app was installed.
In the case of Luna VPN, the request is designed to look like you're enabling an adblock extension to block ads in YouTube, but as part of the process it installs the root certificate.
When faced with a prompt like this, most people will tap OK and then install the profile.
When BuzzFeed News spoke to Sensor Tower, a spokesperson said the data was anonymised and didn't contain any personally identifiable information.
Only use reputable apps
It's amazingly simple to set up your own VPN service, and even easier to buy one from a white-label supplier. And this is one of the reasons why there are so many VPN apps in app stores.
VPNs are becoming popular thanks to their ability to encrypt your internet connection and allow to you appear to be located in a different region.
But these services rely on trust, since there's no easy way to tell whether they're doing what they say they are or not.
You can't even rely on user reviews, as there are scores of fake reviews on app stores generated by malware-ridden apps that you might not even realise are installed on your Android phone.