Disclosure For Android Apps
Effective Date: September 30, 2024
Introduction
At cb innovations (“cb innovations”, “we”, “us”, “our”), protecting your privacy is central to our mission: to safeguard users from potential security risks such as theft, malware, and other threats. We only collect necessary information to ensure our services function correctly and efficiently to safeguard user.
This Privacy Policy applies to the information we collect from your device when you download and install our Android apps. By using our apps, you acknowledge that you have read, understood, and agree to this Privacy Policy. Any disputes related to privacy are governed by this Policy, as well as applicable Terms of Service and End User License Agreements.
This disclosure applies globally. Users from the European Economic Area (EEA) and other regions may have additional rights, as outlined in this Policy.
Which cb inovations Android Apps Do Collect Personal Data?
At cb innovations, we put your privacy at the forefront of what we do and only collect necessary information to provide our products and services effectively.
Which Android Apps from cb innovations Do Collect Information?
- Anti Spy Detector
- Firewall Security – No Root
Overview about all our apps and their specific data collection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions:
A. Firewall Security – No Root
Note about the Firewall Security – No Root app:
The Firewall Security – No Root app forwards the traffic of allowed connections directly to their destination through the Android VPN Service without using a remote VPN server. Its mode of operation can lead to one of two scenarios concerning your internet traffic:
- When IP Filtering is Disabled: Both blocked and allowed internet traffic are routed into the local VPN service and all traffic is forwarded to the intended destination.
- When IP Filtering is Enabled: Both blocked and allowed internet traffic are routed into the local VPN service, but only allowed traffic is forwarded to the intended destination. No traffic is sent to a remote VPN server.
The Android VPN Service (https://developer.android.com/reference/android/net/VpnService.html) is utilized to locally route all internet traffic to Firewall Security app. This design means that root access is not required to build or implement this firewall application.
Through transparently explaining these functions, we aim to instill confidence in our users regarding the privacy and integrity of their data when utilizing our Firewall Security application.
Data Collection and Usage:
- Endpoint: https://www.cb-innovations.com/api/get-blocklists-info
- Data Collected: App package name
- Purpose: To download the latest filter block lists.
- Endpoint: https://www.cb-innovations.com/api/whois
- Data Collected: IP address of visited URLs, locale of user's device
- Purpose: To provide localized WhoIs information for an IP address specifically selected by the user.
- Endpoint: https://tile.openstreetmap.org
- Data Collected: User agent (app package name, app version, developer email)
- Purpose: To display Open Street Map for WhoIs information.
Restricted Permissions:
- android.permission.READ_PHONE_STATE (mandatory)
- Allows read-only access to phone state, including cellular network information.
- android.permission.QUERY_ALL_PACKAGES (mandatory)
- Lists all apps installed on the device, enabling user control over app blocking or bypass in the Firewall Security app.
- VPNService
- Redirects Android’s network traffic through the apps for security purposes.
B. Anti Spy Detector
Data Collection and Usage:
- Endpoint:
https://www.cb-innovations.com/api/get-deep-detective-packages-shas-info
- Data Collected: SHA256, MD5, Package Name
- Purpose: To identify potential security threats during manual and real-time scanning.
Restricted Permissions:
- android.permission.SCHEDULE_EXACT_ALARM (Optional)
- Enables scans at user-defined times.
- android.permission.QUERY_ALL_PACKAGES (Mandatory)
- Scans all installed apps for threats.
- android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
- android.permission.READ_EXTERNAL_STORAGE (Mandatory)
- android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
- Scans and manages files for threats.
C. Common Features Across All Apps
-
1. In-App Billing System
-
Data Collected:
- Purchase History: Records the history of purchases (only of the app) made within the app.
-
Data Collected:
Data Collection: Why, What, and How
To enhance security, optimize performance, and offer tailored services, we collect the following data from your device:
Why We Collect Your Data
When you use our cb innovations apps, we collect certain information to enhance the security and functionality of our services. Here’s why we need specific types of data:
- App Package Name: Users’ installed application information. We collect the names of apps installed on your device. This helps us identify which apps are running and enables us to tailor our security measures to the specific apps you use. It's a crucial step in ensuring that our security protocols are effective against threats that might target specific applications.
- SHA-256 & MD5 Checksum: These are unique digital fingerprints of an app's APK file. By collecting these checksums, we can verify the integrity of the apps on your device. This is essential for detecting alterations or corruptions in app files that could indicate the presence of malware or spyware.
- File Checksums: Similar to the app checksums, we collect SHA-256 and MD5 checksums of files on your device. This allows us to verify the integrity of these files and detect any unauthorized modifications. It’s a vital component in our effort to safeguard your device from malware that might alter or damage your files.
The purpose of sending users’ installed application information, the calculated SHA-256/MD5 checksums to https://www.cb-innovations.com is to analyze the information by our cb innovations cloud servers.
Operating on servers, rather than individual devices, the cb innovations cloud servers offers efficient, precise analysis without taxing your device's resources.
The collected data is crucial for:
- Detect and mitigate potential security threats (e.g., malware or spyware).
- Assessing the safety of apps and files on your device.
- Reducing false alarms by accurately differentiating between safe and harmful software.
- Continuously enhancing the performance and capabilities of our apps.
What We Collect
We collect two main types of data (only for Anti Spy Detector app, as explained before)
- Installed Application Information: Includes package names and checksums (SHA-256/MD5) of apps installed on your device. We do not access or collect any app content.
How We Use Your Data
At cb innovations, we are committed to responsibly using the information we collect to enhance your security, provide superior service functionality, and maintain high standards of customer support.
The data is securely transmitted to our cloud servers (https://www.cb-innovations.com) using AES-256 encryption over HTTPS to maintain confidentiality and privacy. It is used to:
- Analyze app package names and checksums to identify malware and potential threats.
- By analyzing the data, we identify and neutralize potential threats, minimizing false positives and safeguarding your device.
- We review the information sent from your device to detect vulnerabilities and proactively take steps to mitigate risks.
Your data is anonymized during processing and cannot be traced back to individual users. If you prefer not to have this data collected, you can disable the internet connection, though this may affect app functionality.
Purpose of Data Processing
We collect and process your data to:
- Identify and analyze potential threats.
- Maintain the security and integrity of apps installed on your device.
- Ensure optimal performance by offloading intensive analysis to cloud servers, improving device resource efficiency.
By analyzing this data, our cloud servers ensures your device is secure without affecting performance.
Data Sharing and SDKs
We do not sell personal or sensitive user data to any third party. All data collected is solely used to enhance app functionality and to provide users with better services, as explained within this disclosure. No personal information will be shared, exchanged, or transferred, ensuring compliance with Google Play’s policies.
Third-Party SDK Compliance
Currently, our apps do not integrate third-party SDKs that collect or share personal or sensitive user data. If third-party SDKs are integrated in the future, we will ensure that they fully comply with Google Play's policies. Detailed disclosures about the data collected, the reasons for collection, and any sharing with third parties will be provided within the app, along with user consent where required.
Prominent Disclosure and User Consent
In cases where personal or sensitive user data is collected beyond what is reasonably expected during app use, we ensure that users are provided with a clear and prominent in-app disclosure. This disclosure will specify what data is being accessed, how it is used, and with whom it may be shared. Users will be required to provide explicit consent before the app can access such data. Our apps do not interpret user navigation away from a consent prompt as approval.
Data Safety Section Consistency
We ensure that the disclosures made in this policy are consistent with the information provided in the Google Play Data Safety section. Our commitment is to maintain transparency, and any discrepancies between the two will be promptly addressed and updated to ensure clarity and compliance.
Transparency and Control
We believe in transparency and clarity regarding how we handle your data. You have full control over your data and can opt out of data collection by uninstalling the app or adjusting your internet settings.
Data Retention and Protection
Under applicable law, you have the following rights:
- Access: Request confirmation of whether your data is being processed and obtain a copy.
- Correction or Deletion: Correct inaccuracies or request the deletion of personal data, subject to legal limitations.
- Objection or Restriction: Object to or restrict data processing under certain circumstances.
- Portability: Request a portable copy of your personal data in a structured, machine-readable format.
To exercise any of these rights, please contact us. We may need to verify your identity before processing the request.
Children’s Privacy
Our services are not intended for children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe your child has provided us with personal data, please contact us, and we will promptly delete the data.
International Data Transfers
cb innovations operates globally, and your data may be transferred to jurisdictions with different data protection laws. However, we ensure your data is protected under standard contractual clauses and comply with the General Data Protection Regulation (GDPR) for European Economic Area (EEA) residents.
Changes to This Disclosure
We may update this Policy periodically to reflect changes in our practices. If significant changes are made, we will notify you via email, our website, or within the app.
Contact Us
For questions, concerns, or requests to update or remove your information, please contact us at:
cb innovations
Schwarzwaldstr. 22
D-76532 Baden-Baden
GERMANY
E-Mail: