The Dark Side Of Vpn And Ad Blocking Apps
It took us time to really understand the warped ways our data can be used, but now that we have, many of us are taking precautions to limit what companies know about us. When we talk about protecting our data the conversation revolves around installing VPNs to trick websites. If you want to keep your data safe, the obvious answer is to sign up with a VPN service, except it isn’t!
An investigation has found that Sensor Tower, an analytics platform being used by investors and tech developers, was secretly harvesting data from millions of Android and iOS users who had installed popular ad blocking apps and VPN. So, what happened?
Table of Contents
What’s a VPN?
Before we move further, it is important to understand what a VPN (virtual private network) is.
When you connect to the internet through a router, you’re assigned an IP address. This tells the websites that you’re browsing as to where you’re connecting from and they use this information to target advertisements.
What a VPN essentially does is it plays a middle man through which all your traffic flows so that when you visit a site, your online activity is funneled through a remote server. You could be in USA and the website you’re on may think you’re based in the UK. The traffic is encrypted and even your service provider can’t see what you’re doing online. Neat right?
Nobody knows what you’re doing online except the VPN provider. They know. And, those controlled by Sensor Tower are sharing their data.
Sensor Tower Debacle
The VPN and ad blocking apps harvesting data for Sensor Tower have been downloaded more than 35 million times. Since 2015, it is estimated that the company owned at least 20 iOS and Android apps. Google Play store recently made four of these apps, Adblock Focus, Luna VPN, Free and Unlimited VPN, and Mobile Data, available to its users. Apple on the other hand, hosted two of these apps, Luna VPN and Adblock Focus, on its play store. Since Buzzfeed News investigated these shady tactics, Adblock Focus has been removed from Apple store and Mobile Data from Google Play store.
So, how did Google and Apple miss this threat?
Root Certificate
The root certificate is a pesky little file that grants the issuer access to all the data and traffic that passes through the phone. If a user gives an app root privileges, they become open to all sorts of risks. It is for this reason that Google and Apple restrict root privileges, but Sensor Tower’s app managed to bypass this. How?
These apps prompt you to install the certificate from an external website thereby, slipping under Google and Apple’s radar.
So, Now What?
If it’s help, you might like to know that the head of mobile insights at Sensor Tower, Randy Nelson, said their apps don’t track, request or store sensitive information like usernames and passwords from their users or other apps installed on the user’s phones like web browsers.
So, what can you do? Till this blows over, you’d do well to stay away from VPNs. All you can do now is hope for the best and as you surf the net, use a high-speed internet to ensure at least it’s all worth it. Use a reliable and trustworthy ISP that can’t get away without disclosing to you such crucial information. Spectrum packages are a great option to consider and will have you covered. Till then, stay away from sketchy sites and apps, and don’t share data you wouldn’t want to get in anyone’s hands!