Snoopware installed by 11 million+ iOS, Android, Chrome, and Firefox users
by Dan Goodin, ArsTechnica.com
7/25/2018
All of the apps appear to have been recently acquired by a little-known company.
People often use ad blockers, disk-cleaners, and similar utilities to stop online trackers from monitoring their online activities. Now, researchers have uncovered a host of apps and browser extensions downloaded more than 11 million times that keep a list of every website ever visited and send it to servers operated by the developers.
The snooping wares affect both Android and iOS users, as well as those who installed Google Chrome and Mozilla Firefox extensions, according to a blog post published Tuesday by AdGuard, a developer of ad blockers and privacy tools. AdGuard cofounder Andrey Meshkov said in the post that the extensions and apps make a list of every exact address of every page visited and combine it with a unique identifier he believes is generated when the extension or app is first installed.
“There are numerous ways of discovering your real identity from observing your browsing history,” Meshkov wrote. “It can be straightforward, for instance, there is no ambiguity in who can visit this page: Login on Twitter. Even if you do not happen to visit such pages, there is still a high chance of exposing your real identity.”
The post identifies the following wares:
A search by Ars showed that none of the offending Android apps or Chrome extensions were available in Play or the Chrome Web Store. Meshkov, however, said on Wednesday that his searches showed that the Block Site Android app was still available in Play. Both the Block Site and Poper Blocker Firefox extensions were also no longer available from Mozilla. Interestingly, the AdblockPrime extension targeting iOS users could be installed directly from adblockprime[dot]co when people visited using Safari. There’s no indication it was ever available in Apple’s App Store.
Further Reading
Google Chrome extensions with 500,000 downloads found to be malicious
Over the past year, a variety of apps and extensions, mostly available in Google Play and the Chrome Web Store, have been caught stealing login credentials, injecting malicious ads, and pushing nation-state-style surveillance functions. Stylish, a Chrome, Firefox, and Opera extension with more than 2 million downloads, was pulled earlier this month when researchers found that it, too, tracked every site users visited.Tuesday’s post is the latest example of how widely used extensions and apps can often severely compromise user privacy. People should think long and hard before installing them and then only after researching the developers listed in the privacy policies.
by Dan Goodin, ArsTechnica.com
7/25/2018
All of the apps appear to have been recently acquired by a little-known company.
People often use ad blockers, disk-cleaners, and similar utilities to stop online trackers from monitoring their online activities. Now, researchers have uncovered a host of apps and browser extensions downloaded more than 11 million times that keep a list of every website ever visited and send it to servers operated by the developers.
The snooping wares affect both Android and iOS users, as well as those who installed Google Chrome and Mozilla Firefox extensions, according to a blog post published Tuesday by AdGuard, a developer of ad blockers and privacy tools. AdGuard cofounder Andrey Meshkov said in the post that the extensions and apps make a list of every exact address of every page visited and combine it with a unique identifier he believes is generated when the extension or app is first installed.
“There are numerous ways of discovering your real identity from observing your browsing history,” Meshkov wrote. “It can be straightforward, for instance, there is no ambiguity in who can visit this page: Login on Twitter. Even if you do not happen to visit such pages, there is still a high chance of exposing your real identity.”
The post identifies the following wares:
- Block Site. Privacy policy.
- Android app with 100,000+ installs.
- Chrome extension with 1,440,000+ users.
- Firefox extension with 119,000+ users.
- AdblockPrime. Privacy policy.
An ad blocker for iOS. It's hard to estimate the users count as it is not distributed via the App Store. - Mobile health club apps. Privacy policy. Several popular Android utilities.
- Speed BOOSTER - an Android app with 5,000,000+ installs.
- Battery Saver - an Android app with 1,000,000+ installs.
- AppLock | Privacy Protector - an Android app with 500,000+ installs.
- Clean Droid - an Android app with 500,000+ installs.
- Poper Blocker. Privacy policy.
- Chrome extension with 2,280,000+ users.
- Firefox extension with 50,000+ users.
- CrxMouse. Privacy policy.
- Chrome extension with 410,000+ users.
A search by Ars showed that none of the offending Android apps or Chrome extensions were available in Play or the Chrome Web Store. Meshkov, however, said on Wednesday that his searches showed that the Block Site Android app was still available in Play. Both the Block Site and Poper Blocker Firefox extensions were also no longer available from Mozilla. Interestingly, the AdblockPrime extension targeting iOS users could be installed directly from adblockprime[dot]co when people visited using Safari. There’s no indication it was ever available in Apple’s App Store.
Further Reading
Google Chrome extensions with 500,000 downloads found to be malicious
Over the past year, a variety of apps and extensions, mostly available in Google Play and the Chrome Web Store, have been caught stealing login credentials, injecting malicious ads, and pushing nation-state-style surveillance functions. Stylish, a Chrome, Firefox, and Opera extension with more than 2 million downloads, was pulled earlier this month when researchers found that it, too, tracked every site users visited.Tuesday’s post is the latest example of how widely used extensions and apps can often severely compromise user privacy. People should think long and hard before installing them and then only after researching the developers listed in the privacy policies.
