Market Research Firm Uses Free VPN Apps to Harvest Data From Consumers
Market research firm Sensor Tower has been secretly using free VPN apps on Android and iOS to harvest internet activity data from millions of consumers, BuzzFeed reports.
VPN services are designed to prevent ISPs from snooping on your website lookups by encrypting your web traffic and routing it through a private server operated by the provider. Usually, you pay a monthly fee to a VPN provider and they keep your web traffic secure while vowing to never share the data with others. But according to BuzzFeed, the Sensor Tower apps—Free and Unlimited VPN and Luna VPN—collect your web traffic data and share it with Sensor Tower’s app intelligence platform. Clients such as developers, venture capitalists, and publishers can then use the data to study market trends.
Neither of the apps, however, make any mention of being connected with Sensor Tower. They instead come from brands named “Emban-Networks” and “Baby Blue Wireless,” which also offer another data-collecting app called Adblock Mobile.
In addition, the free apps will prompt the user to install a trusted root certificate, which can give the apps access to all the internet data flowing through the phone. In return, the apps promise to speed up your web connections.
The story appears to be another example of the old adage: “If you’re not paying for the product, you are the product.” However, Sensor Tower told PCMag the apps never collect any sensitive data or personally identifiable information. The goal with the data collection was to simply study ad views.
“In fact, based on the way our apps are designed, such data is separated before we could possibly view or interact with it, and all we see are ad creatives being served to users,” the company said in an email. “What we do store is extremely high level, aggregated advertising data that may demonstrate trends that we share with customers.”
When you install the apps, they will show you a prompt that stresses that no “phone numbers, emails, text messages, usernames/passwords, [or] bank information” will be collected. But whether you should trust Sensor Tower is another matter. You’re essentially taking the company’s word that your data is being secured. Meanwhile, the privacy policies for the company’s two free VPN apps say little about what web traffic data is actually being collected, or how the information is being anonymized. The fact that neither app lists any connection to Sensor Tower is also alarming.
It isn’t the first time free VPN services have faced scrutiny. Past research has found that some free VPNs can leak your internet activity or ask for suspicious permissions that can compromise your privacy. US lawmakers have also voiced concern that foreign-made VPN applications from China and Russia may present a spying risk.
In the case of Sensor Tower, BuzzFeed says Apple removed a dozen of the company’s apps over the years due to policy violations. Google is also investigating the Sensor Tower apps as well. But for now, both Free and Unlimited VPN and Luna VPN remain up on the Google Play Store. Luna VPN is also still up on the iOS App Store.
Sensor Tower added: “Based on the feedback we’ve received, we’re taking immediate steps to make Sensor Tower’s connection to our apps perfectly clear, and adding even more visibility around the data their users share with us.”