TutuApp’s new tool has been a great success but it also does something that it’s not supposed to do. Here’s how they are stealing your private information.
Table of Contents
Coffeebreakerz Dev Team exposes TutuApp
As you already know, TutuApp has begun blocking its two main competitors – AppValley and TweakBox. Upon closer inspection, we find this isn’t the only shady thing it’s doing.
Sem Voigtländer, lead hacker of Coffeebreakerz, has completely exposed TutuApp’s false claims. He successfully reverse-engineered Nesstool Protection utility and verified that this tool is, indeed, spyware.
Sem also posted several interesting tidbits on Twitter.
Location is being logged. pic.twitter.com/wVwqEl7KNS
— MTJailed (Terminal) (@MTJailed) September 19, 2017
Here’s a brief explanation of what this tool actually does, apart from “protecting your apps”.
- Gather data about your device type.
- Get all data about installed applications.
- Check whether or not your device has root access (jailbreak).
- Access your MAC address.
- Gather data about your carrier/provider.
- Gather your location coordinates.
Once you open TutuApp, it will display a popup that will force you to install Nesstool. This is what I experienced before installing their app protection tool on my iPhone 7 plus.
There’s no close or exit button so you will need to install to continue using the installer.
Why are they stealing your data?
Obviously, there has to be some reason behind gathering private user data. They aren’t doing this just for the fun of it.
Thanks to Sem’s analysis, I was able to dig deep and what’s actually going on behind the scenes. They are actually stealing your data and selling it to a Spanish mobile advertising agency, Mobclick.
Here’s the address of the server where they are storing user data – https://alogs.umengcloud.com/app_logs.
In the information age, data is knowledge and knowledge is power. User data is already extremely valuable and considering most of Tutu users own an iPhone, it makes it even more valuable.
Just so you know, pretty much every browser, social network, and app out there “steals” your data exactly like this.
What does TutuApp have to say?
The team behind TutuApp is still sticking to their version about this whole fiasco.
They are still claiming their tool is completely clean and have categorically denied any and all allegations leveled against them. Here’s what they have to say on the matter.
Answer the slander👎 of Nesstool track Private information pic.twitter.com/boKVJKrRG3
— TutuApp (@tutu_helper) September 25, 2017
Remove it asap!
If you are already using this spyware, I suggest removing it as quickly as possible. Who knows what they might do with your data.
You can try out Nesstool for yourself but I wouldn’t recommend doing so for obvious reasons. With that being said, it does block Apple’s servers and keeps your apps running even if their certificate has been revoked.
Do you still support TutuApp or will you delete it as soon as possible? Let us know your thoughts and opinions in the comments section below.
For more security news and updates, follow us on Facebook and Twitter.
I’m honestly fine with them using the info for ads, either way I’m just ignoring and closing them when they pop up. Yeah, it’s a bit sketch knowing the info is put out there, but at the same time with technology these days I have bigger concerns than ads that know where I am and what device I’m on. Yes, it’s technically a more effective add but it’s still just an ad. It’s not like they’re hacking into my bank account to steal my -$3.00 out of it.
Can you tell me like absolutely every single thing they steal
They only steal your browsing habits, etc. Your passwords remain safe.
What private data are they collecting? Is it passwords and accounts?
No, they are just collecting your browsing habits etc. Your password and account data are secure.
Is it safe to use TutuApp if I don’t install Nesstool?
Yes, it’s safe but I would recommend using ignition or other apps.
Is TutuApp safe if I don’t install Nesstool?
Is installing tutuapp itself okay?
Yes, if you are fine with your data getting used for ads.
After I deleted TuTu, apps I had had before I installed it are still being effected by tutu. How do I stop this? Already tried deleting-reinstalling
You mean to say the tweaked apps you installed are still working?
I was never forced to use nesstool
When they launched it back in 2017, TutuApp did force you to install NessTool.
I’m actually fine with them getting he info listed above. But what about credit card info or passwords?
Are these at risk?
No, those aren’t at risk.
Actually, you CAN download nesstool, but in settings DONT trust it. It will just say that download failed or something, but it will not open, because you don’t trust it. It gathers data when used, not when installed, and when you have it on your device, you can close the pop up
You definitely don’t have to install it. I never have you just click through and get a cancel button. When I saw their “recommendation” to install nesstools a year or so ago… I figured only a moron would actually do it.
Actually, that’s a prompt by iOS, not by TutuApp. They still “force” the user by not displaying a close button.
No way, i used to use TutuApp so much but the minute I read this, I just deleted it😀😨😨😨
Actually, there’s no problem in using their installer.
They are so stupid they already get money from THE VIP VERSION
Greedy mother f******
Also I can edit out something from my other comment
When neestool pops up press install then a second window pops up to confirm just hit cancel simple
Yes, you can do that but iOS gives you that alert, not TutuApp. They have designed it in such a way that you can’t close it.
woow, I did not expect that, I’ll erase it and use another one. Thank you.
Wow I can’t believe Tutuapp is actually doing this. Why they would want our location and private data is rediculous. Looks like I’m going back to Appvalley or Tweakox (if they’re still working.)
Yes, both these installers are working as of now.