In brief: A new batch of spyware has been discovered by AdGuard Research. The malware comes in the form of Android apps (and one unsanctioned iOS app) and extensions for Chrome and Firefox. The apps are owned by a company called "Big Star Labs," but nothing is known about it.

Security researchers at AdGuard discovered multiple browser extensions and apps that were secretly collecting the browsing history of over 11 million people. All of the apps belonged to Big Star Labs based out of Delaware. However, nobody can figure out who is behind the company or who they share the data with.

“The apps and extensions we discovered doing this belong to a newly registered Delaware company named 'Big Star Labs,' so it is difficult to track them down to the real beneficiaries,” said Andrey Meshkov with AdGuard Research. “This also makes it almost impossible to track whom they share your data with.”

Big Star Labs appears to be using primarily nine products for its spying (number of installs in brackets).

  • Block Site for Android, Chrome, and Firefox [1.7 million+]
  • AdblockPrime for iOS [unknown]
  • Mobile Health Club for Android [unknown]
  • Poper Blocker for Chrome and Firefox [2.3 million+]
  • CrxMouse for Chrome [410,000+]
  • Speed BOOSTER for Android [5 million+]
  • Battery Saver for Android [1 million+]
  • AppLock | Privacy Protector for Android [500,000+]
  • Clean Droid for Android [500,000+]

The privacy policies of all the apps claim that they only collect “non-personal” or “anonymized” data. However, as the apps are collecting your browsing data, your true identity can be exposed or ascertained. For example, unless you use a pseudonym, every time you visit your Facebook or Twitter profile your real name is revealed to anyone looking at your browsing history.

However, it is not just your name that can be discovered in your browsing history. Snoops can see where you shop, what products interest you, how much you spend, what bank you use, and the list goes on. It becomes very easy for companies to develop a complete profile of someone just from their browsing history. There was even a study conducted by Stanford showing that analysts can de-anonymize web browsing data by comparing it against social media profiles.

“The real problem is not just that this one company learns who you are,” says Meshkov. “The data which is collected about you then can be shared, sold, and combined with data from other sources. In the end, the final product is your complete profile.”

Plus during its investigation, AdGuard discovered that in many instances of so-called “anonymous” data were not so anonymous. After decoding and analyzing the raw information sent to affiliated servers, the researchers found several identifying factors within the requests.

Meshkov points out that every batch of data sent out is marked with the user's own unique identifier that was generated upon installation of the app or extension. This in and of itself is not personally identifying, but when combined with the rest of the information sent, it is easy to discover the identity of the user.

“Also, as you can see, the data sample contains some Twitter URLs I visited, which can be used to easily identify me,” said Meshkov pointing to a sample of collected data (image below).

As for sharing this data, Big Star Labs will share it with whomever they want. In its privacy policy, it uses a form of doublespeak that Meskov says is common with companies using spyware. For example, the privacy statement will begin by saying it does not share your data, but in subsequent paragraphs will contradict that statement as an exception.

Furthermore, it never discloses whom it is sharing the data with, always using terms like “third-party service providers,” “parent company,” “subsidiaries,” “joint ventures,” and “affiliated companies.” Meshkov says that Big Star Labs has gone to great lengths to hide its identity and those of its partners.

“Big Star Labs is pretty good at hiding their affiliated apps and websites. Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized. It made me use some serious Google-fu to find a bunch of Android apps which belong to the same "Big Star Labs" company: Speed BOOSTER, Battery Saver, AppLock | Privacy Protector, Clean Droid, Block Site.”

Indeed, a Google search of “Big Star Labs” only turns up articles that have been recently written exposing the shady company — official website, company profile, or any other information cannot be found.

As of this morning, all of the apps and extensions have been removed from Google Play and the Chrome WebStore. If you already have one or more of the apps, you might want to uninstall them. As always, be careful when picking your software. Read the privacy policy and terms of service agreements, and never install anything unless you trust the developer.