Apple recently removed an ad-blocking app owned by Sensor Tower after an investigation found the analytics firm to be secretly collecting user data through a variety of iOS and Android apps.
According to BuzzFeed News, Sensor Tower has distributed at least 20 data-harvesting apps on the App Store and Google Play store since 2015. The apps, many which have been removed for violating store guidelines, install a root certificate on a target phone to monitor data traffic and other user metrics.
Two apps, Adblock Focus and Luna VPN, were recently active on the App Store, while four apps — Free and Unlimited VPN, Luna VPN, Mobile Data, and Adblock Focus — were available in the Google Play store. Apple removed Adblock Focus and Google booted Mobile Data after being contacted by the publication. Luna VPN is currently under investigation by Apple.
None of the apps in question revealed an association with Sensor Tower, nor did they disclose data gathering operations designed to inform the company's analytics products. As noted by BuzzFeed News, however, code used in the apps was authored by developers who work for the firm.
An Apple spokesperson said a dozen Sensor Tower apps were previously banned from the App Store for violating terms of service, according to the report. The company strictly enforces privacy protocols that restrict developers from installing root certificate privileges on consumer devices, as the mechanism can reveal a bulk of iPhone's transmitted data and sensitive information. A number of high-profile tech companies have run afoul of those rules, including Facebook and Google.
Randy Nelson, Sensor Tower's head of mobile insights, in a statement to BuzzFeed News said the apps did not gather sensitive user data or personally identifiable information. Further, he noted "the vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting."
"We take the app stores' guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time," Nelson said.
As for branding, Nelson said Sensor Tower kept its involvement a secret for competitive reasons.
"When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup," Nelson said. He added that the company's original intention was to build an ad blocker, but was unable to provide evidence of the project.
4 Comments
Why do people continue to trust these VPN providers, especially the free or low cost ones? Money is money is money and you don't get anything free. So the very people claiming they protect your privacy are selling your data to the highest bidder?
Anonymous tech fan: These analytics firms are just guessing. They don't know anything. Pulling numbers out of their butts.
Sense Tower: That's right, Mr. Avery Carmichael Serutti of 214 E. West St, Hoboken, NJ. We have no idea that you're a 42 year old avid comic book collector and porn enthusiast. Even though we don't know any of that, it's no surprise that you used a phrase containing butt play. The fact that your bi-weekly trips to Atlantic City always coincide with frantic late night texts to, and subsequent Venmo loans from, your exasperated mother Shirley... those things sir, we just guessed.
I'd be willing to bet Sense Tower isn't the only firm harvesting and selling data through surreptitious means.
App Stores are cesspools. Apple’s is better than Google’s in policing the Apps, but “free” ain’t free. Ads within Apps to other free Apps can only pay so many of the bills. They’re selling the data collected.
I’d say ban anything associated with Sense Tower, but they’d just change their name...
Apple hunting down bad actors from analyzing the code, and matching it to other Sense Tower Apps is an interesting trick. The problem is copying code (much of it freely available online) is something that is done by most programmers.
I wouldn’t want to be person in charge of policing these stores. I’m sure they use AI to help, but they still have an impossible job.
“The company strictly enforces privacy protocols that restrict developers from installing root certificate privileges on consumer devices”
...usually after they’ve been tipped off by the press.