VPN apps with 35 million downloads caught stealing data

VPN apps with 35 million downloads caught stealing data
© Mikhail Primakov | Dreamstime.com

We already know tech companies are gleefully collecting our data for profit. Between selling data to advertisers and sharing it with law enforcement, you never know what’s happening with your information. But one thing remains certain: Data is big business.

Just ask Facebook, which became a multibillion-dollar company on the backbone of millions of people’s data. And after building the web’s most impressive advertising engine, it continues to sell user data for staggering returns. Tap or click here to see what Facebook is doing with your data right now.

Thankfully, privacy scandals have forced most of these companies to come clean about how they’re handling customer data. But some fly under the radar — like this collection of VPN and ad-blocking apps that secretly harvested information. Do you have these apps on your phone?

Apps that can’t be trusted

An investigative report by Buzzfeed News revealed SensorTower, an analytics platform used by software developers and investors, was secretly collecting data from millions of people through a collection of VPN and ad-blocking apps.

These apps did not publicly reveal their connection to SensorTower and all of them have been downloaded collectively more than 35 million times. To make matters worse, these apps were available to both iOS and Android users, casting an incredibly wide net for data collectors.

If you download an app connected to SensorTower, it installs what’s called a “root certificate” on your phone. These tiny files allow the developer to access all data traffic a phone broadcasts. SensorTower told BuzzFeed News this data was anonymized, but that’s hardly the point.

These developers didn’t inform anyone of what they were doing. Upon informing Apple and Google about SensorTower’s apps, Apple responded by removing several from its App Store. Google removed four and is currently investigating further action.

Related: Tap or click to find out more about the malware epidemic on the Google Play Store

It just goes to show how deep the rot goes in the data collection industry. If it were such a normal and noninvasive business practice, why not tell customers upfront? Are the developers afraid people won’t use their products?

What can I do to stop this?

Check your phone now to see if you have any of these apps, regardless of whether you’re using an iPhone or Android device. If you do, delete them immediately. The root certificate won’t be able to do anything without the app installed.

  • Free and Unlimited VPN
  • Luna VPN
  • Mobile Data
  • Adblock Focus

If you’re still anxious about whether the apps on your phone are safe to use, you might want to delete any you’re not 100% sure about. Usually, apps from large-scale developers are more reliable and upfront about how they use your data. Tap or click here for how to tell if a Google Play app is safe.

The best thing you can do to protect your privacy is to remove as much information about yourself from the internet as possible. Don’t fill out unnecessary forms, even if it’s just on an innocent-looking social media app and turn off all unnecessary location settings.

Tags: advertisers, Apple, Apple iPhone, Customer data, data collection, Facebook, information, investors, law enforcement, profit, software developers, tech companies, user data