Craig Silverman (BuzzFeed News):
Sensor Tower, an analytics platform used by tech developers and investors, has secretly collected data from many millions of Android and iOS users. This was revealed in a BuzzFeed News investigation. This app, which neither gives out any information about the company nor reveals whether it feeds user data to Sensor Tower, has more than 35,000,000 downloads.
Sensor Tower is the proud owner of at least 20 Android and iOS apps. The Google Play store recently made four of them available: Free and Unlimited VPN and Luna VPN as well as Mobile Data and Adblock Focus. Adblock Focus, Luna VPN and Mobile Data were available from Apple’s App Store. BuzzFeed News reached out to Apple, and Google had Mobile Data removed. They said that they would continue investigating.
Sensor Tower’s apps require users to create a root cert, which is a small file that grants its issuer full access to all data and traffic passing through their phones. BuzzFeed News reported that the company collects only anonymized usage data and analytical data. These are integrated into their products. Sensor Tower’s platform for app intelligence is used by publishers, developers, venture capitalists, investors, and others to analyze the popularity, usage trends, revenue, and sales of apps.
It is similar to Facebook using its Onavo VPN to monitor users’ apps.
Joseph Cox & Jason Koebler (Vice):
Motherboard discovered that Banjo (an artificial intelligence company working with police) used a shadow business to create a variety of Android apps and iOS apps. Although they looked innocent, the secret purpose was to scrape social media.
Banjo had no such access. Pink Unicorn Labs was created by former employees to extract social media data.
Users logged in to the app through a social network OAuth provider. However, Banjo kept the login credentials. According to two ex-employees and Kasra Rahjerdi’s expert analysis, Banjo was able to save the login credentials. Kasra Rahjerdi has been working as an Android developer ever since the launch of Android. Two former employees said that Banjo scraped all social media content. Pink Unicorn Labs wrote some nonstandard code in the app. Rahjerdi claimed that it was straight from their codebase.
While these events are distinct and relate to different companies, they share similar descriptions about what is only described as an indifference toward ethical norms. There is no reason why the leaders of these companies should have to burn their souls before going to work every day. Perhaps they can treat it as a signal that something is seriously wrong.
In the future, I will see many more reports such as this, since the country with similar companies and users’ rights is often contractually obliged, has yet to pass and enforce effective privacy rights.
March 10, 2020