There are a number of apps caught collecting user information without any consent to their users! These apps are some Chrome and Firefox extensions, iOS and Android apps. AdGuard, an ad-blocking platform, recently discovered the shocking truth in their recent investigation.
The common link among all the apps are one company – Big Star Labs. This company is, needless to say, developer of all these tools. If you’re one of their victims (using their apps), it’s time to take action now to secure yourself.
Apps that stealing info
The following apps are from the company that was collecting the browsing history of their users extensively with the help of some shady tactics.
- Block Site (Chrome and Firefox)
- Poper Blocker (Chrome and Firefox)
- CrxMouse (Firefox only)
- Speed BOOSTER
- Clean Droid
- AppLock | Privacy Protector
- Mobile health club apps
- Battery Saver
- Adblock prime
According to the estimation by AdGuard, these apps were infecting nearly 11 million devices!
Info the apps collected
The problem is, according to the experts of AdGuard, these extensions and apps collected highly personal data while keeping them in disguise in their privacy policies. The policies claimed that they only collected “non-personal” and “anonymized” data.
AdGuard reported that these apps often collected full browsing history and didn’t even anonymize them properly. Thus, any 3rd-party observer could actually identify the person in real life and get a big picture of that victim in real-world.
In the certain case of a popup blocker, the app collected data of all the pages the user visited instead of collecting data of those pages only that showed popups.
AdGuard pointed out that such action is against the policies of all app/extension stores. Fortunately, the apps are nearly not available for the users after the report and if your system still holds them, bring them down.
Shady devs, photo-based policies
In addition to the mysterious apps, investigators also pointed out at Big Star Labs – a shady company intentionally tried masking its actions and identity.
According to Andrey Meshkov, co-founder of AdGuard, said that Big Star Labs is good at hiding their identities. Every single document containing their company name is an image (Google can’t find it, either). The company also uses different accounts in different extension and app stores. The owner of the domains aren’t publicized as well.
The privacy policies are also at a shady level. You can’t find their privacy policies in text like this. They are only available as image and as I said earlier, Google can’t detect them either. This way, Big Star Labs successfully protected themselves from sharing the information of their data collection and data sharing practices.
Shady mobile app
The mobile app also shows the characteristics of all the usual tactics a general malware would use. For example, the iOS app prompted the user for installing a MDM profile to allow full control over the device for intercepting traffic and access any data.
The Android app also asked the user for access to the “Accessibility” service – a prime method by banking Trojans and most Android malware to take over the victim devices. While AdGuard reported that Big Star Labs didn’t perform such malicious actions, these conditions made their data collection a lot easier.
Thankfully, most of the apps and other extensions are taken down. The iOS app is not available from the Apple App Store so there’s nothing Apple can do about it. Only the cautions taken by the users can protect them from such dangers.