Disclosure For Android Apps
Effective Date: March 25, 2024
- Introduction
- In-App Disclosure and Consent Request Process
- Which Protectstar Android Apps Do Collect Personal Data?
- Types of Personal Data We Collect and Why
- Why do we process your data?
- What is the purpose of sending users' installed application information to https://api.protectstar.com ?
- Utilization of Collected Information
- Individual Rights in Personal Data
- Children’s Privacy
- International Data Management and Transfers
- Managing Your Personal Data and Exercising Your Rights
- California Privacy Rights
- Changes to This Disclosure
- Contact Us
Introduction
Please read this disclosure carefully before you agree to it. This disclosure outlines the personal data collected and transferred from users of our Android apps, their usage, and sharing practices.
We at Protectstar Inc. (“Protectstar”, “we”, “us”, “our”) values privacy, security, and online safety and is committed to protecting users' (“you” and “your”) information and activities.
We may update this disclosure to reflect changes in our business. Material changes will be communicated via email, in-product notification, or as required by law. Therefore, review the most current version of this disclosure regularly.
In-App Disclosure and Consent Request Process
For enhanced service, we require information about your installed applications. This data helps us tailor security measures to your usage, improving our services.
The information we request is uploading users' installed application information to https://api.protectstar.com will be retained and used as described in this disclosure.
Detailed Explanation of Data Usage:
- Our app transmits users' installed application information to our servers at https://api.protectstar.com to enhance our services. This includes app package names and SHA-256 and MD5 checksum (NOT the content of the scanned file!).
- We use this information to detect potential threats, optimize app performance, and provide a personalized experience.
- Your consent for collecting and using this data is essential for us. You can withdraw consent anytime by uninstalling the app or turning off internet connectivity, with potential impact on service quality.
Third-Party Services:
Our app utilizes third-party services like Google Play Services and Firebase for analytics and crash reporting. We ensure these partners adhere to strict privacy standards.
The app does use third-party services that may collect information used to identify you. This data is sent to, but not limited to https://app-measurement.com.
Link to the privacy policy of third party service providers used by the app:
Transparency in Data Handling:
- Anonymity and Encryption: We anonymize all transmitted data to our cloud server at https://api.protectstar.com/api/get-deep-detective-packages-shas-infoand https://api.protectstar.com/api/get-blocklists-info using Advanced Encryption Standard (AES) with a 256-bitkey over HTTPS, ensuring your privacy.It cannot be tracked back to individuals.
- Opting Out: You have the option to disable data collection by disconnecting from the internet, affecting malware detection capabilities.
Data Transfer Protocols:
Data is AES-encrypted and transmitted securely, with detailed purposes outlined for app package names and checksums, emphasizing security and app integrity.
Purpose of Data Processing:
- We collect data to safeguard against threats, optimize our services, and ensure a secure user experience. Our AI Cloud analyzes this data efficiently, maintaining device performance.
User Control and Data Management:
- You control your data. Our services run in the background, offering protection while respecting your choices. Data use is limited to specified purposes, with options for users to manage their privacy.
Data Retention and Protection:
- Data is stored on secure servers in Germany, with stringent security measures. We retain personal data as necessary, following high security and privacy standards. Data is stored for the duration, as is technically necessary. As a rule, this is only a few seconds before the data is securely deleted from our servers by a high-security deletion standard.
Sharing Personal Data:
- We do not share or sell your data to third parties. Your privacy is our priority.
Protecting Your Data:
- We employ comprehensive security measures to protect your data, ensuring confidentiality, integrity, and availability.
Your Choices Regarding Personal Data:
- You can manage your personal data by uninstalling our apps or adjusting settings, providing control over the collection and use of your information.
Which Protectstar Android Apps Do Collect Personal Data?
At Protectstar, we put your privacy at the forefront of what we do and only collect necessary information to provide our products and services effectively.
Which Protectstar Android Apps Do Collect Information?
- Anti Spy Android
- Antivirus AI Android
- Camera Guard Android
- DNS Changer Android
- Firewall AI Android
- Micro Guard Android
- iShredder Android (only if you use a MY.PROTECTSTAR account)
Note about the Firewall AI app:
The Firewall AI app forwards the traffic of allowed connections directly to their destination through the Android VPN Service without using a remote VPN server. Its mode of operation can lead to one of two scenarios concerning your internet traffic:
- When IP Filtering is Disabled: Any blocked internet traffic is routed into the local VPN service, effectively acting as a sinkhole that drops all blocked traffic.
- When IP Filtering is Enabled: Both blocked and allowed internet traffic are routed into the local VPN service, but only allowed traffic is forwarded to the intended destination. No traffic is sent to a remote VPN server.
The Android VPN Service (https://developer.android.com/reference/android/net/VpnService.html) is utilized to locally route all internet traffic to Firewall AI. This design means that root access is not required to build or implement this firewall application.
Through transparently explaining these functions, we aim to instill confidence in our users regarding the privacy and integrity of their data when utilizing our Firewall AI applications.
Types of Personal Data We Collect and Why
At Protectstar Inc., we are committed to transparency about the personal data we collect from you and the reasons for its collection. Understanding the types of data we gather and their purpose can help you make informed decisions about your privacy settings and consent. Here's a detailed breakdown:
- Installed Application Information:
- Data Collected: Package names, SHA-256, and MD5 checksums of installed apps on your device.
- Purpose: This data allows us to identify and evaluate potential security threats, optimize app performance, and tailor our services to better meet your needs. We analyze app behavior and interactions to enhance our threat detection algorithms, ensuring a secure environment for your device. Importantly, we do not access the content within these apps, maintaining your privacy.
- Device Information:
- Data Collected: IP address, device identifiers (such as model and OS version), and, when necessary, geo-location data based on the IP address—not GPS.
- Purpose: Collecting this information enables us to ensure compatibility with various devices, optimize our services for different operating systems, and provide location-relevant security notifications and updates. The geo-location data, derived from your IP address, helps us offer region-specific security insights without infringing on the precise location privacy that comes with GPS data.
- Service and Device Data:
- Data Collected: General device performance data, frequency of feature usage, and details about potential security threats detected on your device.
- Purpose: This information is vital for improving our app’s functionality, making our security features more effective, and providing you with a personalized user experience. It also aids in the development of new features and services that respond to the evolving security landscape and user needs.
Your Consent and Control:
Your privacy is our top priority. We collect this data only after obtaining your clear and informed consent, ensuring you have full control over your personal information. You have the freedom to withdraw your consent at any time, which may affect the functionality of our services on your device. Our goal is to empower you with choices that allow you to manage your privacy while benefiting from our security services.
Commitment to Privacy and Security:
The data we collect is encrypted and transmitted securely to our servers, where it is processed with the utmost respect for your privacy. We implement state-of-the-art security measures to protect this information from unauthorized access, ensuring it is used exclusively for enhancing your security and user experience with our apps.
By being transparent about the data we collect and its purpose, we aim to foster trust and provide you with the assurance that your personal information is in safe hands. For further details about our data handling practices, please refer to our Privacy Policy or contact our customer support team.
Why do we process your data?
When you use our Protectstar® apps, we collect certain information to enhance the security and functionality of our services. Here’s why we need specific types of data:
- App Package Name: Users’ installed application information. We collect the names of apps installed on your device. This helps us identify which apps are running and enables us to tailor our security measures to the specific apps you use. It's a crucial step in ensuring that our security protocols are effective against threats that might target specific applications.
- SHA-256 & MD5 Checksum: These are unique digital fingerprints of an app's APK file. By collecting these checksums, we can verify the integrity of the apps on your device. This is essential for detecting alterations or corruptions in app files that could indicate the presence of malware or spyware.
- File Checksums: Similar to the app checksums, we collect SHA-256 and MD5 checksums of files on your device. This allows us to verify the integrity of these files and detect any unauthorized modifications. It’s a vital component in our effort to safeguard your device from malware that might alter or damage your files.
The purpose of sending users’ installed application information, the calculated SHA-256/MD5 checksums to https://app-measurement.com and to https://api.protectstar.com is to analyze the information by our Protectstar® Artificial Intelligence Cloud (AI Cloud).
Operating on servers, rather than individual devices, the AI Cloud offers efficient, precise analysis without taxing your device's resources.
The collected data is crucial for:
- Identifying and understanding the behavior of potential threats.
- Assessing the safety of apps and files on your device.
- Reducing false alarms by accurately differentiating between safe and harmful software.
- Continuously enhancing the performance and capabilities of our apps.
Overview about all our apps and their specific data collection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions:
A. Firewall AI + DNS Changer
Data Collection and Usage:
- Endpoint: https://api.protectstar.com/api/get-blocklists-info
- Data Collected: App package name
- Purpose: To download the latest filter block lists.
- Endpoint: https://api.protectstar.com/api/whois
- Data Collected: IP address of visited URLs, locale of user's device
- Purpose: To provide localized WhoIs information for an IP address.
- Endpoint: https://tile.openstreetmap.org
- Data Collected: User agent (app package name, version, developer email)
- Purpose: To display Open Street Map for WhoIs information.
Restricted Permissions:
- android.permission.READ_PHONE_STATE (Mandatory, except for DNS Changer)
- Allows read-only access to phone state, including cellular network information.
- android.permission.QUERY_ALL_PACKAGES (Mandatory)
- Lists all apps installed on the device, enabling user control over app blocking or bypass in the Firewall.
- VPNService
- Redirects Android’s network traffic through the apps for security purposes.
B. Anti Spy + Antivirus AI
Data Collection and Usage:
- Endpoint: https://api.protectstar.com/api/get-deep-detective-packages-shas-info
- Data Collected: SHA256, MD5, Package Name
- Purpose: To identify potential security threats.
- Endpoint: https://api.protectstar.com/api/add-statistic-item, https://api.protectstar.com/api/add-file-statistic-item
- Data Collected: SHA256, MD5, Package Name, File Path/Name, Installation source, App version/code, Device metadata (OS version, manufacturer, model)
- Purpose: To analyze and record statistics of detected threats.
- Google SafetyNet
- Data Collected: Package name, application signing certificate, device attestation token
- Purpose: Verifying app and device integrity, checking Google Play Protect status.
Restricted Permissions:
- android.permission.SCHEDULE_EXACT_ALARM (Optional)
- Enables scans at user-defined times.
- android.permission.QUERY_ALL_PACKAGES (Mandatory)
- Scans all installed apps for threats.
- android.permission.SYSTEM_ALERT_WINDOW (Optional)
- Protects against screen-capture malware.
- android.permission.PACKAGE_USAGE_STATS (Optional)
- Detects foreground apps for toggling screen-capture protection.
- android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
- android.permission.READ_EXTERNAL_STORAGE (Mandatory)
- android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
- Scans and manages files for threats.
C. iShredder Android
Restricted Permissions:
- android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
- android.permission.READ_EXTERNAL_STORAGE (Mandatory)
- android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
- Read and write the bytes of files to securely overwrite them.
- android.permission.READ_CONTACTS (Optional)
- android.permission.WRITE_CONTACTS (Optional)
- Read and write contacts on your device to securely delete them.
D. Common Features Across All Apps
- In-App Billing System
- Data Collected:
- Purchase History: Records the history of purchases made within the app.
- Data Collected:
E. Apps Integrated with MY.PROTECTSTAR (MYPS) user account (optional)
Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, iShredder
- Endpoint: https://my-api.protectstar.com
- Data Collected:
- User Data: Includes UserId, email, name, surname, and password.
- Device Type: Information such as user-defined device name (e.g., Peter’s Samsung Galaxy S23), manufacturer, model, industrial design name, board (name of the underlying board, e.g.,"goldfish"), hardware specifications.
- Product SKU: App's own package name.
- License Information: Activation ID, activation key.
- Data Collected:
F. Apps Integrated with Firebase
Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, Camera Guard, Micro Guard
- Firebase Crashlytics(Firebase Crashlytics Data Disclosure)
- Data Collected:
- Crash Logs/ Stack Traces: Collects stack traces when an application crashes.
- Application State: Gathers relevant application state during a crash.
- Device Metadata: Point-in-time metadata about the device during a crash.
- Crashlytics Installation UUID: Measures the number of users impacted by a crash.
- User IDs: Including MYPS user id.
- Purpose: For analytics and improving app stability.
- Data Collected:
- Firebase Messaging(Firebase Messaging Data Disclosure)
- Data Collected:
- Device Metadata: OS version, name, model, brand, form factor.
- Installation Source: Identifies the app used for installation (e.g., Play Store).
- App Version: Collects the app's version for managing topic subscriptions.
- Purpose: For developer communications and app updates.
- Data Collected:
In summary, the data we collect is not just for detecting threats but also for adapting our security measures to the unique environment of your device, ensuring that you have the most effective protection against evolving digital threats.
What is the purpose of sending users' installed application information to https://api.protectstar.com ?
Our purpose in collecting your information is to equip you with useful products and services that provide a more agile, dynamic response to new and unknown threats.
The purpose of sending users' installed application information to https://api.protectstar.com is to analyze the installed application information by our Protectstar® Artificial Intelligence Cloud (AI Cloud). Protectstar® AI Cloud runs on servers and not on individual devices, like the user's smartphone. This ensures the full performance of the AI Cloud servers and enables quick and precise analyzes. At the same time, it keeps the user devices resource-efficient with optimal performance.
The data processing ensures:
- Identifying new threats, their behavior, their security status, and their sources.
- Determination of the reputation of examined objects.
- Reducing the likelihood of false alarms.
- Increasing the performance of software components.
- Performance increase for the rights holder's products.
- Access to the confidential installed app information and use is directly related to the provision and improvement of Protectstar Android apps' functions.
Utilization of Collected Information
At Protectstar, we are committed to leveraging the information we collect to enhance user security, provide superior service functionality, and maintain high standards of customer support. Below, we detail the purposes for which your data is used, emphasizing our commitment to these principles in compliance with Google's policies and applicable laws.
Primary Uses of Data:
- Service Provision and Operation: Your data enables us to deliver and maintain our services, ensuring they function seamlessly on your device.
- Security and Support: We utilize the data to address your needs promptly, offer personalized customer service, and secure your devices against cybersecurity threats like malware.
- Threat Detection and Prevention: By analyzing the data, we can identify and neutralize potential threats, reducing false positives and safeguarding your digital environment.
- Data Analysis for Protection: Information sent to and from your device is scrutinized to pinpoint vulnerabilities, enabling us to inform you about potential risks and take preventive action.
Consent-Based Usage:
Your information is processed based on explicit consent for the aforementioned purposes, which you agree to upon using our services. We adhere to a strict policy of using your data solely for these specified functions, respecting your privacy and autonomy.
Data Categorization:
Depending on the services you engage with, we may collect diverse data types, including:
- License and Subscription Details: Essential for user verification and maintaining service continuity.
- Operational Information: Insights into product interaction facilitate enhancements, making our solutions more intuitive.
- Device Specifications: This includes collecting data on device type and OS to tailor our security measures and ensure compatibility without requiring additional licenses post-system changes.
- Detected Threats: Analyzing identified threats enhances our protection mechanisms, benefiting all users by refining our security protocols.
- Installed Applications Data: Helps in constructing application whitelists, refining Parental Control features, and delivering tailored security solutions.
Broader Business Objectives:
Beyond immediate security and service operations, your data supports our broader business goals:
- Improvement and Development: We analyze behavioral data to upgrade existing services and innovate new solutions.
- Marketing and Communication: Personalized offers and updates on new products or features are shared to keep you informed about opportunities that might interest you.
- Research and Analysis: Engaging in market research and analyses helps us understand trends and user needs, guiding our strategic direction.
Commitment to Legal Compliance and Ethical Processing:
Protectstar processes personal data in strict alignment with legal obligations and ethical standards. This includes:
- Fraud Prevention and Identity Verification: To ensure the integrity of transactions and protect against fraudulent activities.
- Legal and Regulatory Adherence: We process data as required to fulfill our legal responsibilities, safeguard user rights, and uphold our contractual commitments.
Transparency and User Empowerment:
We encourage you to review our practices and utilize the controls available to manage your data preferences. Protectstar is dedicated to maintaining an open dialogue about data usage, ensuring you remain informed and in control.
Individual Rights in Personal Data
In accordance with applicable law, you may have the right to:
- Request confirmation of whether we are processing your Personal Data.
- Obtain access to or a copy of your Personal Data.
- Receive a portable copy of your Personal Data, or ask us to send that information to another organization (the "right of data portability").
- Seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Data.
- Restrict our processing of your Personal Data.
- Object to our processing of your Personal Data.
- Request erasure of Personal Data held about you by us, subject to certain exceptions prescribed by law.
If you would like to exercise any of these rights, don't hesitate to get in touch with us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we may take steps to verify your identity before fulfilling your request. For some requests and where permitted by law, an administrative fee may be charged. We will advise you of any applicable fee before performing your request.
Children’s Privacy
Protectstar Inc. recognizes the importance of protecting children's privacy in the digital environment. Our services are not designed for, and we do not knowingly collect personal data from, children under the age of 13 (or under 16 in certain jurisdictions). If we become aware that a child under the relevant age has provided us with personal data without parental consent, we will take steps to remove such information and terminate the child's account.
Parents or guardians who believe that their child has submitted personal information to us and wish to have it deleted may contact us at https://www.protectstar.com/en/contact.
We encourage parents and guardians to instruct their children never to provide personal information without their permission when using online services.
International Data Management and Transfers
Global Operations and Data Transfers:
Protectstar Inc., with its headquarters in the United States, operates on a global scale with entities and service providers located worldwide. In conducting our operations, we may transfer, store, or access your personal data across borders to jurisdictions with different data protection laws than those in your country. Regardless of where your data is processed, we are committed to ensuring it receives a comparable level of protection. To this end, we implement robust safeguards, including standard contractual clauses and data protection agreements, to secure your personal data and adhere to applicable international data transfer regulations.
For Residents of the European Economic Area (EEA):
We strictly comply with the General Data Protection Regulation (GDPR) requirements for transferring personal data outside the EEA or Switzerland. Protectstar Inc. does not transfer personal data to countries outside of the EEA or Switzerland unless there are adequate controls in place, including the security of your data and other personal information, through mechanisms like the EU Standard Contractual Clauses and adherence to the EU-U.S. Privacy Shield Framework, where applicable.
Data Control and Processing Legalities:
- Data Controller: When you engage with Protectstar’s consumer products, Protectstar Inc. is designated as the Data Controller of your personal information. This designation means we determine the purposes and means of processing your personal data, guided by the principles outlined in our privacy policy.
- Legal Basis for Processing: We process your personal data under specific legal bases:
- Contractual Necessity: We use your personal data to fulfill our contractual obligations to you, such as processing payments and providing the services you have requested.
- Legitimate Interests: We process your data for purposes that are in our legitimate organizational interests yet balanced against your rights and freedoms. These include but are not limited to: enhancing our services, ensuring security and privacy, and developing new products.
- Consent: For certain activities, we rely on your consent to process your personal data. You have the right to withdraw this consent at any time, though this will not affect the lawfulness of processing based on consent before its withdrawal.
- Legal Obligations: In some instances, we may need to process your data to comply with a legal obligation, ensuring we adhere to applicable laws and regulations.
Managing Your Personal Data and Exercising Your Rights
Protectstar Inc. values your privacy and control over your personal data. We provide you with the ability to exercise your rights regarding the personal data we process. You have the right to access, rectify, delete, restrict, object to the processing of your personal data, and the right to data portability. Specifically, you can:
- Access your personal data to see what information we have collected about you.
- Rectify any inaccurate or incomplete personal data.
- Erase your personal data from our systems, except where its retention is necessary for our legitimate business purposes, legal obligations, or for the establishment, exercise, or defense of legal claims.
- Restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or when we no longer need the data for the purposes of our processing.
- Object to the processing of your personal data for direct marketing purposes or when we process your data based on our legitimate interests.
- Portability allows you to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
If you wish to exercise any of these rights or withdraw your consent to the processing of your personal data, where consent is the legal basis for processing your data, you may do so at any time by using the mechanisms provided within our app or by contacting us directly at the contact information provided below.
Please note, while we aim to accommodate all requests, there may be circumstances where we cannot fulfill your request due to legal obligations, security needs, or operational requirements. If we are unable to fulfill your request, we will provide you with an explanation within thirty (30) days of receiving your request.
For more detailed information about how your data is treated and your rights as a data subject, please visit our privacy policy at https://www.protectstar.com/en/legal-notice.
California Privacy Rights
If you are a California resident, you may have additional privacy rights.
Changes to This Disclosure
We may update this disclosure from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes to our disclosure by sending an email to the address associated with your account, by posting a notice on our website, and/or by highlighting the update within our app.
We encourage you to review this disclosure periodically to stay informed about how we are protecting the personal data we collect. Your continued use of our service after any modification to this disclosure will constitute your acceptance of such modification.
Contact Us
If you have questions or requests about personal data or privacy, please contact us at https://www.protectstar.com/en/contact.
You can make a request online or email us at