TutuApp’s new tool has been a great success but it also does something that it’s not supposed to do. Here’s how they are stealing your private information.
Table of Contents
Coffeebreakerz Dev Team exposes TutuApp
Sem Voigtländer, lead hacker of Coffeebreakerz, has completely exposed TutuApp’s false claims. He successfully reverse-engineered Nesstool Protection utility and verified that this tool is, indeed, spyware.
Sem also posted several interesting tidbits on Twitter.
Location is being logged. pic.twitter.com/wVwqEl7KNS
— MTJailed (Terminal) (@MTJailed) September 19, 2017
Here’s a brief explanation of what this tool actually does, apart from “protecting your apps”.
- Gather data about your device type.
- Get all data about installed applications.
- Check whether or not your device has root access (jailbreak).
- Access your MAC address.
- Gather data about your carrier/provider.
- Gather your location coordinates.
Once you open TutuApp, it will display a popup that will force you to install Nesstool. This is what I experienced before installing their app protection tool on my iPhone 7 plus.
There’s no close or exit button so you will need to install to continue using the installer.
Why are they stealing your data?
Obviously, there has to be some reason behind gathering private user data. They aren’t doing this just for the fun of it.
Thanks to Sem’s analysis, I was able to dig deep and what’s actually going on behind the scenes. They are actually stealing your data and selling it to a Spanish mobile advertising agency, Mobclick.
Here’s the address of the server where they are storing user data – https://alogs.umengcloud.com/app_logs.
In the information age, data is knowledge and knowledge is power. User data is already extremely valuable and considering most of Tutu users own an iPhone, it makes it even more valuable.
Just so you know, pretty much every browser, social network, and app out there “steals” your data exactly like this.
What does TutuApp have to say?
The team behind TutuApp is still sticking to their version about this whole fiasco.
They are still claiming their tool is completely clean and have categorically denied any and all allegations leveled against them. Here’s what they have to say on the matter.
Answer the slander👎 of Nesstool track Private information pic.twitter.com/boKVJKrRG3
— TutuApp (@tutu_helper) September 25, 2017
Remove it asap!
If you are already using this spyware, I suggest removing it as quickly as possible. Who knows what they might do with your data.
You can try out Nesstool for yourself but I wouldn’t recommend doing so for obvious reasons. With that being said, it does block Apple’s servers and keeps your apps running even if their certificate has been revoked.
Do you still support TutuApp or will you delete it as soon as possible? Let us know your thoughts and opinions in the comments section below.
For more security news and updates, follow us on Facebook and Twitter.