Lukas Stefanko
Malware Researcher at @ESET Android security, malware analysis, app vulnerability research https://t.co/te7DnuvQYm

Aug 31, 2018, 5 tweets

Android Legitimate Spyware with 10M+ installs.

The app #Onavo, owned by Facebook, is a VPN service that collects your:
- mobile traffic
- location
- installed/opened apps
- visited websites

This app should hide your traffic & increase privacy; instead, it collects it.

Visited websites, launched & installed apps and others are stored in plaintext in a database. Not accessible without root.

Based on their Privacy Policy, they have been gathering users' personal data since 2013.
If you ever used the #Onavo app, your traffic is stored on Facebook servers, probably forever.
They share the same terms & conditions for different app versions.

Because of breaking user privacy and security, the app was removed from Apple's App Store.
I think it should be removed from Google Play as well. #PleaseRetweet
theverge.com/2018/8/22/1777…

In the terms & conditions it says it won't share your sensitive and private data with 3rd parties. But we have been there #CambridgeAnalytica.
With 10M+ Android installs, Facebook has much more info about individuals that it could not simply collect only from Facebook. #dontUseOnavo
