Lukas Stefanko Profile picture
Malware Researcher at @ESET Android security, malware analysis, app vulnerability research
Aug 31, 2018 5 tweets 5 min read
Android Legitimate Spyware with 10M+ installs.

App #Onavo owned by Facebook, is VPN service that collects your:
- mobile traffic
- location
- installed/opened apps
- visited websites

This app should hide your traffic & increase privacy, instead it collects it. Visited web sites, launched & installed apps and others are stored in plaintext in database. Not accessible without root.