Privacy Policy For Android Apps

Effective Date: December 21, 2023

Developer Information and Privacy Point

If you have any questions or comments about this Privacy Policy, or if you would like us to update or remove information or preferences you provided to us, please may contact us at:

cb innovations
Schwarzwaldstr. 22
D-76532 Baden-Baden
GERMANY
E-Mail:

Introduction

Our company cb innovations (“cb innovations”, “we”, “us”, “our”), care about privacy. It is a significant part of our mission: to protect our users (“you” and “your”) from the risks of theft.

This Privacy Policy applies to the information we collect from you or your device when you download one of our Services and the information we collect when you install our Services on your device.

When you use our apps for Android, you acknowledge that you have read this Privacy Policy and understand its contents. Your use of our Services and any dispute over privacy is subject to this Policy, any applicable Terms of Service (including any applicable limitations on damages and the resolution of disputes), and any applicable End User License Agreement.

This Privacy Policy applies to all users of our Services across the world. Some users, including residents of the European Economic Area, may have additional rights depending on where they are located, which are described in this Policy.

Why We Collect Your Personal Data?

Data collection is required to retrieve diagnostic information to help us identify and resolve technical issues. By understanding the circumstances leading to app crashes, we can develop effective bug fixes to enhance your app experience. This insight empowers us to optimize app performance, increase stability, and confidently introduce new features.

Collecting specific data enables the functionality of certain Android apps from cb innovations. This collection helps provide accurate information about malware and enhances the app's security features.

What Kinds of Information Do We Collect?

Information from Third Parties:

For all Android apps from cb innovations for which we do collect Data, we use third parties such as Google Play Services and Firebase Crashlytics. These services assist us in gathering and analyzing diagnostic information, playing a crucial role in maintaining app stability and resolving issues efficiently. This data includes:

  • Crash Logs
  • User IDs
  • Device or other IDs

Link to the privacy policy of third party service providers used by the app:

  • Google Play Services: https://policies.google.com/privacy
  • Firebase Crashlytics: https://firebase.google.com/support/privacy

Information You Provide Directly to Us:
3. Information Collection and Use: What Information (data types) Do We Collect?

“Collect” means transmitting data from your app off your device to our cloud server.

The data collection must use the app to receive accurate information about malware. If you do not want your data collected, you need to disable your internet connection so the app and file checksums cannot be synced with the cloud. But this will result in lower detection of possible malware and other security threats.

Overview of the data type we collect when you use our app:

Category Data type Description
Files and docs Files The SHA-256 and MD5 checksum information of your stored files, and the file names will be collected. However, the content of the file will be NOT collected.
App activity Installed apps Information about the apps installed on your device. Your installed app package information (package-name and SHA-256 checksum) will be collected.
App info and performance Crash logs Crash log data from the app. For example, the number of times your app has crashed and other information directly related to a crash.

When using an internet connection to the cloud server of cb innovations, you send selective installed app package information of apps installed on your device and file information stored on your device.

We collect the information you provide to us. For example, while using the app, we collect and process the following Service and Device Data through your interactions with the Services and devices on which our Android apps are installed restricted to the following:

  • The app corresponding package name
  • The calculated SHA-256 checksum of the apps apk file
  • The calculated SHA-256 and the MD5 checksum of the scanned file
  • The filename of the scanned file
  • Details about your device, including internet protocol (IP) address, and other device identifiers, and operating system. We may collect this information through our Services.
  • When you use our products to protect your mobile device, we collect geo-location data (based on the IP address and NOT related to the GPS) of the device on which the product is installed.

To provide our Services, we collect information. Some information you provide directly to us, and other information we collect automatically through our Services. Some are collected from third parties like Google Play Services, Google Analytics for Firebase, and Firebase Crashlytics.

Your data is sent anonymously to our cloud server at https://www.cb-innovations.com and also the users' Installed Application information to https://android.apis.google.com

Opting Out of Data Collection: If you prefer not to have your data collected, you may turn off your internet connection, which could lead to decreased detection of possible malware and other security threats.

Disclosure Regarding cb innovations' Android App “Firewall Security - No Root”

This disclosure pertains to the operation and data handling practices of the “Firewall Security - No Root” app developed by cb innovations for Android devices.

Functionality of the App:
The app employs the Android VPN Service (as outlined at Android VPN Service) to manage internet traffic on the device. Notably, it does not require a remote VPN server for its operation. The key operational modes of the app are as follows:

  1. When IP Filtering is Disabled: In this mode, the app routes all internet traffic through the local VPN service. Any traffic identified as blocked is not forwarded and is effectively terminated within the local VPN service. This ensures that blocked traffic does not reach any external network.
  2. When IP Filtering is Enabled: Under this setting, both blocked and allowed internet traffic pass through the local VPN service. However, only the allowed traffic is forwarded to its intended destination. Blocked traffic, much like in the disabled state, is not forwarded.

Data Privacy:
The design and implementation of this app are such that it does not require root access to the Android device. By leveraging the existing capabilities of the Android VPN Service, the app efficiently routes internet traffic without necessitating deep system modifications.

In providing this information, our aim is to transparently communicate the functionality of the “Firewall Security - No Root” app and affirm our commitment to user privacy and data integrity. Users can confidently use the app, knowing that their data is handled responsibly and in accordance with established privacy standards.

How will your data be transferred from your device?

Your data is sent anonymously to our cloud server at https://www.cb-innovations.com and also the users' Installed Application information to https://android.apis.google.com

The collected data by your app using encryption in transit to protect user data flow from the end user’s device to the cloud servers. The data transmission is performed in encrypted (AES-256 bit) form using the HTTPS protocol.

What is the purpose of processing your data?

The described data types we collect as users' installed package information or file information of scanned files through the app, you send, is needed to provide the services to you, to offer you an accurate detection of malware and detect suspicious espionage threats.

Our purpose in collecting your information is to equip you with valuable products and services that provide a more agile, dynamic response to new and also unknown threats.

The purpose is to analyze the installed application and file information by our cloud server. The cloud server runs on a server and not on individual devices, like the user's smartphone. This ensures the full performance of the cloud servers and enables quick and precise analyzes.

At the same time, it keeps the user devices resource-efficient with optimal performance.

The data processing ensures:

  • Identifying new threats, their behavior, their security status, and their sources.
  • Determination of the reputation of examined objects.
  • Reducing the likelihood of false alarms (False Positives)
  • Increasing the performance of software components.
  • Performance increase for the rights holder's products.
  • Access to the confidential installed app information and use is directly related to the provision and improvement of cb innovations Android apps' functions.

Overview about our apps and their specific data collection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions:

A. Firewall Security – No Root

Data Collection and Usage:

  1. Endpoint: https://www.cb-innovations.com/api/get-blocklists-info
    • Data Collected: Own app package name
    • Purpose: To download the latest filter block lists.

  2. Endpoint: https://www.cb-innovations.com/api/whois
    • Data Collected: IP address of visited URLs
    • Purpose: To provide localized WhoIs information for an IP address.

  3. Endpoint: https://android.apis.google.com
    • Data Collected: Users' installed package information
    • Purpose: Synchronisation with quality management.

  4. Endpoint: https://*.tile.openstreetmap.org
    • Data Collected: User agent (own app package name, version, developer email)
    • Purpose: To display Open Street Map for WhoIs information.

Restricted Permissions:

  1. android.permission.READ_PHONE_STATE (mandatory)
    • Allows read only access to phone state, including the current cellular network information
  2. android.permission.QUERY_ALL_PACKAGES (mandatory)
    • Used to list all apps installed on the device for the user to select which apps should be blocked by or bypass the Firewall
  3. VPNService
    • Used to traffic Android’s Network through the apps

B. Anti Spy Detector

Data Collection and Usage:

  1. Endpoint: https://www.cb-innovations.com/api/get-deep-detective-packages-shas-info
    • Data Collected: SHA256, MD5, Package Name
    • Purpose: To identify potential security threats.

Restricted Permissions:

  1. android.permission.QUERY_ALL_PACKAGES (mandatory)
    • Used to scan all apps installed on the device for threats
  2. android.permission.MANAGE_EXTERNAL_STORAGE (mandatory),
    android.permission.READ_EXTERNAL_STORAGE (mandatory),
    android.permission.WRITE_EXTERNAL_STORAGE (mandatory)
    • Used to scan all files on the users device for threats and delete malicious files

Apps Integrated with Firebase
Included Apps: Anti Spy Detector + Firewall Security

  1. Firebase Crashlytics (Firebase Crashlytics Data Disclosure)
    • Data Collected:
      • Crash Logs / Stack Traces: Collects stack traces when an application crashes.
      • Application State: Gathers relevant application state during a crash.
      • Device Metadata: Point-in-time metadata about the device during a crash.
      • Crashlytics Installation UUID: Measures the number of users impacted by a crash.
      • User IDs: Including MYPS user id.
    • Purpose: For analytics and improving app stability.

  2. Firebase Messaging (Firebase Messaging Data Disclosure)
    • Data Collected:
      • Device Metadata: OS version, name, model, brand, form factor.
      • Installation Source: Identifies the app used for installation (e.g., Play Store).
      • App Version: Collects the app's version for managing topic subscriptions.
    • Purpose: For developer communications and app updates.

In summary, the data we collect is not just for detecting threats but also for adapting our security measures to the unique environment of your device, ensuring that you have the most effective protection against evolving digital threats.

How do we use the information we collect?

When you install or use one of our Services, it will run in the background of your device or environment to help predict threats, and better protect you, your devices, and your information.
We use the data we collect for:

  • (a) Providing and operating our Services;
  • (b) Addressing and responding to service, security, and customer support needs;
  • (c) Detecting and preventing cybersecurity threats, such as malware, on your device;
  • (d) Identifying potential false positives;
  • (e) Analyzing data sent to or from your device(s) to isolate and identify threats, vulnerabilities, viruses, suspicious activities, and attacks, and to communicate potential threats to you.

Transmitted user information will only be used for the aforementioned limited purposes, which the user has agreed to.

The specific data processed depends on the product or service in use. We encourage users to carefully review the agreements and related disclosures during the installation or use of any software or service. Regardless of the type of data or the jurisdiction where the data is received or processed, we uphold the highest data protection standards and implement diverse legal, organizational, and technical measures to secure user data. This approach ensures the safety and confidentiality of data and respects user rights under applicable law.

Additional Uses
We may also utilize Personal Data for activities where we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you when you provide Personal Data or as per your consent.

How long do we store your Personal Data?

The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house servers in Germany.

The company cb innovations will keep your Personal Data for the minimum period necessary for the purposes set out in this Policy, namely (i) for as long as you are a registered subscriber or user of our products or (ii) for as long as your Personal Data is necessary for connection with the lawful purposes set out in this Policy, for which we have a valid legal basis or (iii) for as long as is reasonably necessary for business purposes related to the provision of the Services, such as internal reporting and reconciliation purposes, warranties or to provide you with feedback or information you might request. Where required by law, we will delete your biometric data within three years of your last interaction with the Services.
In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional periods as are necessary for connection with that claim. Once the above mentioned periods, each to the extent applicable, have concluded, we will either permanently delete, destroy, or de-identify the relevant Personal Data so that it can no longer reasonably be tied to you.

The selective extracted and transmitted data, as listed above, are stored for the duration, as is technically necessary. As a rule, this is only a few seconds before the data is securely deleted from our servers by a high-security deletion standard. In addition, for randomized sample testing, some transmitted installed package information is stored anonymized in the form of statistics.

In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Who Do We Share Personal Data With?

“Sharing” refers to transferring user data collected from your app to a third party. We do NOT share or sell the collected data you send with third parties.

How Do We Protect Your Data?

We use administrative, organizational, technical, and physical safeguards to protect the Personal Data we collect and process. Our security controls are designed to maintain data confidentiality, integrity, and appropriate availability.

cb innovations also maintain physical, electronic, and procedural safeguards to protect the information against loss, misuse, damage or modification, and unauthorized access or disclosure. Some of the other central features of our information security program are:

  • The Information Security Department, which designs, implements, and provides oversight to our information security program;
  • Application of appropriate information security tools;
  • Performance evaluation of applied personal data security measures before commissioning processing systems;
  • Implementing controls to identify, authenticate and authorize access to various services or websites;
  • Discovering the facts surrounding unauthorized access to personal data and adopting corresponding measures;
  • Recovery of personal data that was modified or destructed;
  • Establishing access rules to personal data processed in cb innovations processing systems and also recording and accounting for all actions undertaken with personal data in these systems;
  • Encryption between our clients and servers (and between our various data centers);
  • We restrict access of our employees and contractors who need to know the information to process it for us and are subject to strict contractual confidentiality obligations to personal information. They may be disciplined or their contract terminated if they fail to meet these obligations;
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
  • Monitoring measures are taken to ensure the security of personal data;
  • Providing cb innovations personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

What Choices Do You Have About Your Personal Data?

Register a cb innovations Consumer Product. You can access and correct the Personal Data in contacting us as described below. Suppose you have not registered a cb innovations product, but one of our products is installed on your device. In that case, you may stop cb innovations’ collection of Personal data from your device by uninstalling that product.

For support questions, please visit the cb innovations page at https://www.cb-innovations.com/en/contact

Information We Collect from Third Parties

We may receive information about you from other sources and combine it with the information we collect directly. Examples of information we may receive from other sources include: Updated delivery or payment information is used to correct our records.

  • Purchase or redemption information.
  • Customer support and enrollment information.

For our identity protection Consumer Products, we also may collect credit or identity information to help prevent and detect fraud.

How long do we store your Personal Data?

The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house servers in Germany.

cb innovations will keep your Personal Data for the minimum period necessary for the purposes set out in this Policy, namely (i) for as long as you are a registered subscriber or user of our products or (ii) for as long as your Personal Data is necessary for connection with the lawful purposes set out in this Policy, for which we have a valid legal basis or (iii) for as long as is reasonably necessary for business purposes related to the provision of the Services, such as internal reporting and reconciliation purposes, warranties or to provide you with feedback or information you might request.

The selective extracted and transmitted data, as listed above, are stored for the duration, as is technically necessary. As a rule, this is only a few seconds before the data is securely deleted from our servers by a high-security deletion standard. In addition, for randomized sample testing, some transmitted installed package information is stored anonymized in the form of statistics.

In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Individual Rights in Personal Data

Under applicable law, you may have the right to:

  • Request confirmation of whether we are processing your Personal Data.
  • Obtain access to or a copy of your Personal Data.
  • Receive a portable copy of your Personal Data, or ask us to send that information to another organization (the "right of data portability").
  • Seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Data.
  • Restrict our processing of your Personal Data.
  • Object to our processing of your Personal Data.
  • Request erasure of Personal Data held about you by us, subject to certain exceptions prescribed by law.

If you would like to exercise any of these rights, don't hesitate to get in touch with us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we may take steps to verify your identity before fulfilling your request. For some requests and where permitted by law, an administrative fee may be charged. We will advise you of any applicable fee before performing your request.

Children’s Privacy

Some of cb innovations’ Services provide security features that parents may use to monitor their child’s activity online, physical location, or use of a registered device. These Services require parental consent, and we do not knowingly use the Personal Data we collect from children’s devices for any purpose except to deliver the Services. In addition, these products allow parents to delete their child’s profile. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please contact us as described below. If you are under 18, you must have your parent’s permission to access the Services.

cb innovations urge parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission. If you learn that your child has provided us with Personal Data without your consent, you may alert us by contacting us as described below. Suppose we know that we have collected any Personal Data from children under 13 (and in certain jurisdictions under the age of 16). In that case, we will promptly take steps to delete such information and terminate the child’s account.

Data Transfers

cb innovations is located in GERMANY, and we have operations, entities, and service providers in Germany. Our service providers and we may transfer your Personal Data to, or store or access it in jurisdictions that may not provide equivalent data protection levels as your home jurisdiction. We will ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it.

We do NOT transfer Personal Data to countries outside of the EEA or Switzerland through a series of intercompany agreements based on the Standard Contractual Clauses in accordance with EU law and applicable EU regulations.

Changes to This Privacy Policy

We reserve the right to revise or modify this Privacy Policy. Besides, we may update it to reflect changes to our data practices. If we make any material changes, we will notify you by e-mail (sent to the e-mail address specified in your account) or through a notice on this website before the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions or comments about this Privacy Policy, or if you would like us to update or remove information or preferences you provided to us, please may contact us at:

cb innovations
Schwarzwaldstr. 22
D-76532 Baden-Baden
GERMANY
E-Mail: