An analytics firm that owns at least 20 apps on the App Store and Google Play Store has been harvesting millions of people’s data, according to media reports.
San Francisco-based analytics firm Sensor Tower has been taking personally identifiable information from users of VPN and ad-blocking apps that the company owns, reports BuzzFeed.
These apps – which don’t reveal any connection to Sensor Tower, nor that they feed user data to the firm – collectively have more than 35 million downloads.
Sensor Tower has owned at least 20 Android and iOS, including Adblock Focus, for removing unwanted ads, and Luna VPN for ‘private browsing’ on Android and iOS.
It's unknown what the personally identifiable information relates to specifically.
In a statement to MailOnline, Sensor Tower denied the claims in the report.
Sensor Tower has owned at least 20 Android and iOS apps, including Luna VPN - 'the #1 rated VPN on mobile'
One installed, Sensor Tower’s apps prompt its user to install a root certificate, which gives its issuer – a certificate authority, in this case Sensor Tower – access traffic and data that passes through a phone.
Armando Orozco, an Android analyst for Malwarebytes, told BuzzFeed that giving root privileges to an app exposes a user to significant risk.
‘Your typical user is going to go through this and think, “Oh, I‘m blocking ads”, and not really be aware of how invasive this could be,’ he said.
Sensor Tower allegedly bypasses root certificate privilege restrictions set by Apple and Google in the interest of the user.