Sensor Tower, a well-known analytics platform, was busted to secretly collect millions of user data

As cited by Buzzfeed News, Sensor Tower, a well-known APP analytics platform, uses VPN apps and de-advertising apps to collect data from millions of users of Android and iOS platforms. The apps have been downloaded more than 35 million times worldwide, but the app description does not reveal a link to Sensor Tower or collect user data from the company.

Sensor Tower, a well-known analytics platform, was busted to secretly collect millions of user data

Media found that since 2015, Sensor Tower has launched at least 20 Android and iOS apps. There are currently four available on the Google Play Marketplace: Free and Unlimited VPN, Luna VPN, Mobile Data and Adblock Focus. Adblock Focus and Luna VPN are on the shelves in the App Store.

After Buzzfeed News contacted Google and Apple, Google dropped the Mobile Data app and Apple removed the Adblock Focus. Both companies said they would continue their investigations.

Sensor Tower, a well-known analytics platform, was busted to secretly collect millions of user data

Sensor Tower’s application prompts the user to install the root certificate, which the publisher can use to access all traffic and data delivered over the phone. The company told BuzzFeed News that it only collects anonymous usage and analytics data that has been integrated into its products.

Armando Orozco, an Android analyst at Malwarebytes, says granting root privileges to apps puts users at great risk. “Your typical user would think about it, oh, I’m blocking ads, but I don’t really realize how intrusive this could be,” he said. “

Randy Nelson, head of mobile insights at Sensor Tower, said the company did not disclose ownership of the apps for competitive reasons. “It makes sense when it comes to the relationship between these types of applications and an analytics company – especially given our history as a start-up,” he said, adding that the company’s initial goal was to build an ad blocker.

Nelson says the company’s applications do not collect sensitive data or personally identifiable information, and that “the vast majority of these applications listed are now retired (inactive) and some are being phased out.”