Analytics firm Sensor Tower secretly harvested user data through VPN and ad blocking apps

Sensor Tower, a technology analytics firm, has been harvesting data from millions of users across iOS and Android through VPN and ad-blocking apps that the company secretly owns, according to a new report by Buzzfeed News.

Since 2015, Sensor Tower has developed over twenty apps for iOS and Android that has been downloaded over 35 million times. Once installed, the apps ask for a root certificate which gives the company access to all data and traffic going through that device. Armando Orozco, an Android analyst for Malwarebytes, says that giving root access to an app exposes the user to much more risk than they typically realize.

"Your typical user is going to go through this and think, Oh, I'm blocking ads, and not really be aware of how invasive this could be."

Randy Nelson, Sensor Tower's head of mobile insights, says that the company hid the fact that they owned the apps for competitive reasons, and that most of the apps being accused of data harvesting are now either "defunct" or "in the process of sunsetting".

"When you consider the relationship between these types of apps and an analytics company, it makes a lot of sense — especially considering our history as a startup ... The vast majority of these apps listed are now defunct (inactive) and a few are in the process of sunsetting ... We take the app stores' guidelines very seriously and make a concerted effort to comply with them, along with any changes to these rules that occur from time to time."

According to an Apple spokesperson, a dozen of the apps owned by Sensor Tower was previously removed from the iOS App Store due to violations. The company is continuing to investigate the apps from Sensor Tower that remain active on the Appt Store.