Data Disclosure For
Protectstar Android Apps

Effective Date: October 03, 2024

• Introduction
• Which Protectstar Android Apps Do Collect Personal Data?
• Data Collection: Why, What, and How
• Data Collection and Usage by Specific Apps
• Firebase Messaging and Data Privacy
• Data Sharing and SDKs
• Prominent Disclosure and User Consent
• Data Safety Section Consistency
• Transparency and User Control Over Data
• Data Retention and Protection
• Your Rights Regarding Personal Data
• Children’s Privacy
• International Data Transfers
• Changes to This Disclosure
• Contact Us

Introduction

At Protectstar Inc. ("Protectstar", "we", "us", or "our"), your privacy is our top priority. Please read this disclosure carefully before providing your consent. It explains what personal data we collect from users of our Android apps, why we collect it, how we use it, and with whom it is shared. We encourage you to review this disclosure regularly for updates, as we may change it to reflect new features or legal requirements.

Which Protectstar Android Apps Do Collect Personal Data?

At Protectstar, we put your privacy at the forefront of what we do and only collect necessary information to provide our products and services effectively.

The following apps may collect personal data, but we will always request your consent before doing so:

• Anti Spy Android
• Antivirus AI Android
• Camera Guard Android
• DNS Changer Android
• Firewall AI Android
• Micro Guard Android
• iShredder Android (only when you use a MY.PROTECTSTAR online account)

When using these apps, you will see a clear in-app disclosure that asks for your explicit consent to collect data. You can choose to accept or decline, and exiting the consent screen will not imply consent.

Data Collection: Why, What, and How

I. Why We Collect Your Data
We collect certain information to improve your security and enhance the functionality of our services. Here's why we need specific types of data:

1. App Package Name (Users’ installed application information):
   We collect the names of the apps installed on your device. This information helps us customize our security features to protect the apps you use from potential threats like malware or spyware. For example, if you have apps that are more likely to be targeted by harmful software, our systems can prioritize protecting them, ensuring you stay safe. Importantly, we do not access or collect any content from within the apps—only the names of the apps themselves are collected for security purposes.
   
2. SHA-256 & MD5 Checksums (App Integrity):
   A checksum is like a digital fingerprint of a file or app. It’s a way of creating a unique code from the contents of a file or app, which allows us to check if that file or app has been altered in any way.
3. File Checksums (File Integrity):
   Like apps, we collect checksums for files on your device to detect unauthorized changes. This ensures that your files remain safe and intact, without us ever accessing the content of those files.

When we collect checksums, we are not sending the entire app or file to our servers. Instead, we generate a code (the checksum) from the file or app. This code is unique to that version of the file, so if a file has been changed (for example, by malware), the checksum will be different. By comparing the checksum from your device with the expected checksum, we can quickly detect if something is wrong without needing access to the actual file or app content.

MD5 and SHA-256 are just two different types of these digital fingerprints. While MD5 is an older method, SHA-256 is more advanced and secure. We use these checksums to ensure that your apps haven’t been tampered with, helping to protect you from potential security risks like malware or spyware.

Therefore, no complete apps or files are sent to the server.

We would like to make it clear that only checksums, which are like digital fingerprints, are transmitted and not the actual content of your apps or files.

This process ensures your files are safe from potential threats while fully preserving your privacy.

The purpose of sending the collected data (app package names and SHA-256/MD5 checksums) to our Protectstar AI Cloud servers to https://api.protectstar.com is to perform a deeper analysis. By using cloud servers instead of local device processing, we can provide efficient, precise analysis without overloading your device’s resources.

The data we collect serves essential purposes, such as:

• Detecting and mitigating potential security threats like malware or spyware.
• Assessing the safety of apps and files installed on your device.
• Reducing false alarms by accurately distinguishing between safe and harmful software.
• Continuously improving app performance and capabilities through real-time analysis.

II. What We Collect
We collect two primary types of data to protect your device:

1. Installed Application Information:
   This includes the names of apps installed on your device, allowing us to monitor their security and provide targeted protection. As mentioned earlier, we do not access the content within these apps.
2. File and App Checksums (SHA-256/MD5):
   These checksums, which we previously explained as a type of digital fingerprint, are used to verify the integrity of apps and files on your device. By comparing these checksums, we can detect if any unauthorized changes have been made, ensuring the security of your apps and files.

III. How We Use Your Data
At Protectstar, we use the information we collect responsibly to enhance your security, improve the functionality of our apps, and provide high-quality support.

Here’s how your data is used:

• Security Analysis: We analyze app package names and checksums to detect malware and other potential threats.
• Threat Detection: By comparing checksums, we can identify unauthorized changes to apps or files, ensuring your device's security.
• Performance Optimization: We offload resource-intensive analysis to our secure cloud servers, enhancing your device's efficiency without compromising performance.

All data is securely transmitted to our cloud servers to https://api.protectstar.com using AES-256 encryption over HTTPS, ensuring your information remains confidential. Your data is anonymized during processing, so it cannot be linked back to you as an individual.

If you prefer not to have this data collected, you can disable your internet connection, but please note that this may affect the app's ability to detect malware and provide real-time protection.

Data Collection and Usage by Specific Apps

Overview about all our apps and their specific data collectection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions.

Through transparently explaining these functions, we aim to instill confidence in our users regarding the privacy and integrity of their data when utilizing our applications:

1) Firewall AI & DNS Changer

Note about both apps:

The Firewall AI and DNS Changer app forwards the traffic of allowed connections directly to their destination through the Android VPN Service without using a remote VPN server.

Its mode of operation can lead to one of two scenarios concerning your internet traffic:

• When IP Filtering is Disabled: Any blocked internet traffic is routed into the local VPN service, effectively acting as a sinkhole that drops all blocked traffic.
• When IP Filtering is Enabled: Both blocked and allowed internet traffic are routed into the local VPN service, but only allowed traffic is forwarded to the intended destination. No traffic is sent to a remote VPN server.

The Android VPN Service(https://developer.android.com/reference/android/net/VpnService.html) is utilized to locally route all internet traffic to Firewall AI. This design means that root access is not required to build or implement this firewall application.

Data Collection and Usage:

1. Endpoint: https://api.protectstar.com/api/get-blocklists-info
   • Data Collected: App package name
   • Purpose: To download the latest filter block lists.
2. Endpoint: https://api.protectstar.com/api/whois
   • Data Collected: IP address of visited URLs, locale of user's device
   • Purpose: To provide localized WhoIs information for an IP address specifically selected by the user.
3. Endpoint: https://tile.openstreetmap.org
   • Data Collected: User agent (app package name, app version, developer email)
   • Purpose: To display Open Street Map for WhoIs information.

Restricted Permissions:

1. android.permission.READ_PHONE_STATE (Mandatory, except for DNS Changer)
   • Allows read-only access to phone state, including cellular network information.
2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
   • Lists all apps installed on the device, enabling user control over app blocking or bypass in the Firewall.
3. VPNService
   • Redirects Android’s network traffic through the apps for security purposes.

2) Anti Spy & Antivirus AI

Data Collection and Usage:

1. Endpoint: https://api.protectstar.com/api/get-deep-detective-packages-shas-info
   • Data Collected: SHA256, MD5, Package Name
   • Purpose: To identify potential security threats during manual and real-time scan.
2. Endpoint: https://api.protectstar.com/api/add-statistic-item, https://api.protectstar.com/api/add-file-statistic-item
   • Data Collected: SHA256, MD5, Package Name, File Path/Name, Installation source, App version/code, Device metadata (OS version, manufacturer, model)
   • Purpose: To analyze and record statistics of detected threats.

Restricted Permissions:

1. android.permission.SCHEDULE_EXACT_ALARM (Optional)
   • Enables scans at user-defined times.
2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
   • Scans all installed apps for threats.
3. android.permission.SYSTEM_ALERT_WINDOW (Optional)
   • Protects against screen-capture malware.
4. android.permission.PACKAGE_USAGE_STATS (Optional)
   • Detects foreground apps for toggling screen-capture protection.
5. android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
6. android.permission.READ_EXTERNAL_STORAGE (Mandatory)
7. android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
   • Scans and manages files for threats.

3) iShredder Android

Restricted Permissions:

1. android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
2. android.permission.READ_EXTERNAL_STORAGE (Mandatory)
3. android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
   • Read and write the bytes of files to securely overwrite them.
4. android.permission.READ_CONTACTS (Optional)
5. android.permission.WRITE_CONTACTS (Optional)
   • Read and write contacts on your device to securely delete them.

Common Features Across All Apps

1. In-App Billing System
   • Data Collected:
     • Purchase History: Records the history of purchases (only of the app) made within the app.

Apps Integrated with MY.PROTECTSTAR (MYPS) user account (optional)

Included Apps: Anti Spy, Antivirus AI, Firewall AI, DNS Changer, iShredder, Micro Guard

1. Endpoint: https://my-api.protectstar.com
   • Data Collected:
     • User Data: Includes UserId, email, name, surname, and password.
     • Device Type: : Information such as user-defined device name (e.g., Peter’s Samsung Galaxy S23), manufacturer, model, industrial design name, board (name of the underlying board, e.g., "goldfish"), hardware specifications.
     • Product SKU: App's own package name.
     • License Information: Activation ID, activation key.

Apps Integrated with Firebase Messaging

Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, Camera Guard, Micro Guard

• Data Collected:
  • Device Metadata: OS version, name, model, brand, form factor.
  • Installation Source: Identifies the app used for installation (e.g., Play Store).
  • App Version: Collects the app's version for managing topic subscriptions.
• Purpose: For developer communications and app updates.
• Settings: Analytics data collection and usage is disabled permanently according to https://firebase.google.com/docs/analytics/configure-data-collection?platform=android

In summary, the data we collect is not just for detecting threats but also for adapting our security measures to the unique environment of your device, ensuring that you have the most effective protection against evolving digital threats.

Firebase Messaging and Data Privacy

We use Firebase Messaging exclusively to send notifications and updates to your device to ensure you receive relevant messages and updates. No personal data or activity tracking occurs, so we do not collect personal or sensitive user data through Firebase Messaging.

No other Firebase services, such as Firebase Crashlytics, are used for collecting crash reports or personal data.

Learn more about Firebase Messaging’s data handling at https://firebase.google.com/docs/android/play-data-disclosure?hl=de#cloud-messaging

Rest assured, Firebase Messaging is only used to ensure you receive relevant messages and updates, and no personal or sensitive data is shared with or collected by third parties. For this, Firebase Messaging is specifically setup to collect no analytics data according to their documentation: https://firebase.google.com/docs/analytics/configure-data-collection?platform=android

Data Sharing and SDKs

We do not sell or share your personal data with third parties. The information we collect, such as hash values (e.g., SHA-256 and MD5 checksums), is fully anonymized and is used solely to enhance the functionality of our apps and protect your device.

When you use our apps, we may collect data like app checksums or file metadata. These checksums are unique digital fingerprints that allow us to verify the integrity of apps and files on your device without accessing their actual content. Importantly, this data does not contain any personal information, and it is anonymized to ensure it cannot be traced back to you.

Data retention is minimal: The data we collect is processed on secure servers located in Germany and is deleted after just a few seconds once the analysis is complete. This ensures that your data is handled securely and only for the duration necessary to fulfill its purpose.

At present, none of our apps integrate third-party SDKs that collect or share personal or sensitive user data. If we decide to use any third-party SDKs in the future, we will ensure full compliance with Google Play's policies and will update this disclosure accordingly to provide details about the data collected and its purpose. Additionally, we will seek your explicit consent for any such integration.

Prominent Disclosure and User Consent

Before we collect any personal or sensitive data, you will see a clear in-app disclosure explaining:

• What data is being collected
• Why it's needed
• How it will be used

You will be asked to provide explicit consent by tapping "Accept". Only after you agree will the app proceed with data collection. If you choose not to consent, you can exit the prompt, and no data will be collected.

Data Safety Section Consistency

We ensure that the information provided in this document is consistent with what is listed in the Google Play Data Safety section. We are committed to maintaining transparency, and any differences between the two will be promptly corrected.

Transparency and User Control Over Data

At Protectstar, we are fully committed to giving you control over your data at all times.

Opt-Out Options: You can stop the collection and transmission of data whenever you choose. This can be done by adjusting the app's settings, disabling the internet connection, or uninstalling the app. We ensure that no data is collected without your explicit consent, which you can revoke at any time should you change your mind.

Control Over Notifications: You can manage notifications via Firebase Messaging through your device's notification settings, giving you control over when and how you receive updates from us.

Data Retention and Protection

Your data is securely transmitted using AES-256 encryption over HTTPS to our servers in Germany (learn more at https://www.protectstar.com/en/our-philosophy), where it is processed.

We take your privacy seriously and ensure that data we collect is stored only for as long as necessary. The data collected, such as app checksums, is processed on our secure servers for just a few seconds before being permanently deleted. This means that your data is not retained longer than required for the security analysis, providing you with protection without compromising your privacy.

This fast, temporary storage of data helps us deliver the best possible protection for your device while ensuring that no unnecessary data is kept.

Your Rights Regarding Personal Data

In accordance with applicable law, you may have the right to:

• Access: Request confirmation of whether your data is being processed and obtain a copy.
• Correction or Deletion: Correct inaccuracies or request the deletion of personal data, subject to legal limitations.
• Objection or Restriction: Object to or restrict data processing under certain circumstances.
• Portability: Request a portable copy of your personal data in a structured, machine-readable format.

To exercise any of these rights, contact us at . We may need to verify your identity before processing the request.

Children’s Privacy

Our services are not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe that your child has provided us with personal data, please contact us, and we will promptly delete the information.

We strongly encourage parents and guardians to advise their children never to provide personal information online without parental consent.

International Data Transfers

Protectstar Inc., headquartered in the United States, operates globally with entities and service providers located worldwide. As mentioned earlier, our state-of-the-art cloud servers, all located in Germany, are ISO 27001 certified for information security management.

In the course of our operations, we may transfer, store, or access your personal data across borders to jurisdictions with different data protection laws than those in your country. Regardless of where your data is processed, we are dedicated to ensuring it receives the same level of protection. To achieve this, we implement strong safeguards, such as standard contractual clauses and data protection agreements, to secure your personal data and comply with applicable international data transfer regulations.

For residents of the European Economic Area (EEA), we fully comply with the General Data Protection Regulation (GDPR) when transferring personal data outside the EEA or Switzerland.

Changes to This Disclosure

We may periodically update this disclosure to reflect changes in our practices, technology, legal requirements, or other relevant factors. In the event of significant updates, we will notify you by sending an email to the address associated with your account, by posting a notice on our website, and/or by prominently highlighting the update within our app.

We encourage you to review this disclosure regularly to stay informed about how we protect the personal data we collect. Your continued use of our services following any changes to this disclosure signifies your acceptance of the modifications.

Contact Us

If you have any questions about this disclosure or your data, please contact us at:

Protectstar Inc.
4281 Express Lane, Suite L3604
Sarasota, FL 34249, USA
Email: