Over 11 million people have installed spyware from 'Big Star Labs'

Cal Jeffrey

TS Evangelist
Staff member

Security researchers at AdGuard discovered multiple browser extensions and apps that were secretly collecting the browsing history of over 11 million people. All of the apps belonged to Big Star Labs based out of Delaware. However, nobody can figure out who is behind the company or who they share the data with.

“The apps and extensions we discovered doing this belong to a newly registered Delaware company named 'Big Star Labs,' so it is difficult to track them down to the real beneficiaries,” said Andrey Meshkov with AdGuard Research. “This also makes it almost impossible to track whom they share your data with.”

Big Star Labs appears to be using primarily nine products for its spying (number of installs in brackets).

  • Block Site for Android, Chrome, and Firefox [1.7 million+]
  • AdblockPrime for iOS [unknown]
  • Mobile Health Club for Android [unknown]
  • Poper Blocker for Chrome and Firefox [2.3 million+]
  • CrxMouse for Chrome [410,000+]
  • Speed BOOSTER for Android [5 million+]
  • Battery Saver for Android [1 million+]
  • AppLock | Privacy Protector for Android [500,000+]
  • Clean Droid for Android [500,000+]

The privacy policies of all the apps claim that they only collect “non-personal” or “anonymized” data. However, as the apps are collecting your browsing data, your true identity can be exposed or ascertained. For example, unless you use a pseudonym, every time you visit your Facebook or Twitter profile your real name is revealed to anyone looking at your browsing history.

However, it is not just your name that can be discovered in your browsing history. Snoops can see where you shop, what products interest you, how much you spend, what bank you use, and the list goes on. It becomes very easy for companies to develop a complete profile of someone just from their browsing history. There was even a study conducted by Stanford showing that analysts can de-anonymize web browsing data by comparing it against social media profiles.

“The real problem is not just that this one company learns who you are,” says Meshkov. “The data which is collected about you then can be shared, sold, and combined with data from other sources. In the end, the final product is your complete profile.”

Plus, during its investigation, AdGuard discovered that many instances of so-called “anonymous” data were not so anonymous. After decoding and analyzing the raw information sent to affiliated servers, the researchers found several identifying factors within the requests.

Meshkov points out that every batch of data sent out is marked with the user's own unique identifier that was generated upon installation of the app or extension. This in and of itself is not personally identifying, but when combined with the rest of the information sent, it is easy to discover the identity of the user.

“Also, as you can see, the data sample contains some Twitter URLs I visited, which can be used to easily identify me,” said Meshkov, pointing to a sample of collected data (image below).

As for sharing this data, Big Star Labs will share it with whomever they want. Its privacy policy uses a form of doublespeak that Meshkov says is common with companies using spyware. For example, the privacy statement will begin by saying it does not share your data, but subsequent paragraphs will contradict that statement by way of exceptions.

Furthermore, it never discloses whom it is sharing the data with, always using terms like “third-party service providers,” “parent company,” “subsidiaries,” “joint ventures,” and “affiliated companies.” Meshkov says that Big Star Labs has gone to great lengths to hide its identity and those of its partners.

“Big Star Labs is pretty good at hiding their affiliated apps and websites. Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized. It made me use some serious Google-fu to find a bunch of Android apps which belong to the same "Big Star Labs" company: Speed BOOSTER, Battery Saver, AppLock | Privacy Protector, Clean Droid, Block Site.”

Indeed, a Google search of “Big Star Labs” only turns up recently written articles exposing the shady company. No official website, company profile, or any other information can be found.

As of this morning, all of the apps and extensions have been removed from Google Play and the Chrome WebStore. If you already have one or more of the apps, you might want to uninstall them. As always, be careful when picking your software. Read the privacy policy and terms of service agreements, and never install anything unless you trust the developer.


 

cliffordcooley

TS Redneck
I'm willing to bet countries (that harbor these people) would do something about this if all other countries banned access from their IPs.
 

texasrattler

TS Evangelist
So you're telling me that neither Google nor Apple can find out who these ppl are? I highly doubt that.

Also, how did this company with their jargon policy even make it into these app stores that are supposed to be highly reviewing them? Is Google or Apple getting a kickback from them?
 

NahNood

TS Addict
"Read the privacy policy and terms of service agreements, and never install anything unless you trust the developer." -- Well, good advice, but worthless! Because obviously the first part could be lies anyway, and the second part is just as silly because most extension devs are like indie bands, who really knows them? lol
 

James00007

TS Booster
Yea, that's bad. I was using Block Site in Chrome. Confusingly, there are 2 other extensions called Block Site that are still up. The one I was using was blocksite.co and that's the one that Google have killed. Shame they weren't good enough to stop them before they started. Thanks Google. They took it off the web store but failed to alert me of this issue or recommend I remove it. How long before Google have the wool pulled over their eyes with something more serious? Now I have to go through the grief of finding a good site blocker, that will take the list I have already built, if there even is one. Thanks for bringing this to my attention because without this article I could have been using it for years without ever knowing.
 