Recently, the well-known mobile application data analysis company Sensor Tower used VPN and ad-blocker applications for iOS and Android to secretly collect data from millions of users. Since 2015, Sensor Tower has launched at least 20 Android and iOS applications, which have been downloaded more than 35 million times worldwide. Once installed, these applications prompt the user to install a root certificate, which allows the publisher to access all traffic and data transmitted through the phone. Researchers have discovered that these applications contain code written by Sensor Tower developers, which links them to Sensor Tower. However, Sensor Tower explained that it only collects anonymous usage and analysis data, which is integrated into its products. Developers, investors, and publishers can more easily track the popularity, usage trends, and profitability of applications through its intelligence platform.
Because of user data security concerns, both Apple and Google restrict root certificate privileges for applications. The Sensor Tower apps bypass these restrictions by prompting users to install a certificate from an external website after downloading the application. In light of this news, users should be aware of the following points:
- Sensor Tower is not the only one using this method to collect users’ data;
- App Annie, Sensor Tower’s direct competitor, also has similar usage tracking activities;
- Many users fail to read and clearly comprehend their privacy policies;
- Such apps may have a real purpose that is not declared to their users.
An application is only as secure as the weakest link in its code. That is why starting early and removing code errors before they turn into security risks is rewarded with lower software maintenance costs. Security should be at the core of any application development process, and securing the code arguably brings the most security benefits compared to other activities. LIFARS’ Secure Code Review service can reduce overall development costs by identifying and eliminating security gaps within an application while it is still under development.