Disclosure For Android Apps

Effective Date: January 06, 2024

• Introduction
• Which Protectstar Android Apps Do Collect Personal Data?
• Information Collection and Use
• Which Protectstar Android Apps Do Collect Personal Data?
• What kind of personal data do you provide to us, and what data do we collect?
• How will your data be transferred from your device to our cloud server?
• Why do we process your data?
• What is the purpose of sending users' installed application information to https://api.protectstar.com ?
• How do we use the information we collect?
• How long do we store your Personal Data?
• Who Do We Share Personal Data With?
• How Do We Protect Your Data?
• What Choices Do You Have About Your Personal Data?
• Individual Rights in Personal Data
• Children’s Privacy
• Data Transfers
• Individual Rights Requests and Withdraw Consent
• Data Subject's Rights
• California Privacy Rights
• Changes to This Privacy Policy
• Contact Us

Introduction

Please read this disclosure carefully before you agree to it. This disclosure outlines the personal data collected and transferred from users of our Android apps, their usage, and sharing practices.

We at Protectstar Inc. (“Protectstar”, “we”, “us”, “our”) values privacy, security, and online safety and is committed to protecting users' (“you” and “your”) information and activities.

We may update this disclosure to reflect changes in our business. Material changes will be communicated via email, in-product notification, or as required by law. Therefore, review the most current version of this disclosure regularly.

Which Protectstar Android Apps Do Collect Personal Data?

Our app ensures you are well-informed during its normal usage by providing an in-app disclosure without the need to explore menus or settings. Alongside the disclosure, we request your consent by following these guidelines:

1. We display the disclosure prominently and right before asking for your consent.
2. We require a clear, affirmative action from you, such as tapping "accept" or checking a box, to indicate your consent.
3. We do not consider leaving the disclosure (by tapping elsewhere, pressing the back or home button) as a sign of your consent.
4. We avoid using auto-dismissing or expiring messages to obtain your consent.

Information Collection and Use

For a better experience, while using our service, we may require you to provide us with your installed application information.

Our app transmits users' installed application information off the device to our servers at https://api.protectstar.com to provide and improve the services offered by the app.

The information we request is uploading users' installed application information to https://api.protectstar.com will be retained and used as described in this privacy policy.

The app does use third-party services that may collect information used to identify you. This data is sent to, but not limited to https://app-measurement.com.

Link to the privacy policy of third party service providers used by the app:

• Google Play Services
• Google Analytics for Firebase
• Firebase Crashlytics

Which Protectstar Android Apps Do Collect Personal Data?

At Protectstar, we put your privacy at the forefront of what we do and only collect necessary information to provide our products and services effectively.

Which Protectstar Android Apps Do NOT Collect Information?

• iShredder Android

Which Protectstar Android Apps Do Collect Information?

• Anti Spy Android
• Antivirus AI Android
• Camera Guard Android
• DNS Changer Android
• Firewall AI Android
• Micro Guard Android

Note about the Firewall AI app:

The Firewall AI app forwards the traffic of allowed connections directly to their destination through the Android VPN Service without using a remote VPN server. Its mode of operation can lead to one of two scenarios concerning your internet traffic:

• When IP Filtering is Disabled: Any blocked internet traffic is routed into the local VPN service, effectively acting as a sinkhole that drops all blocked traffic.
• When IP Filtering is Enabled: Both blocked and allowed internet traffic are routed into the local VPN service, but only allowed traffic is forwarded to the intended destination. No traffic is sent to a remote VPN server.

The Android VPN Service (https://developer.android.com/reference/android/net/VpnService.html) is utilized to locally route all internet traffic to Firewall AI. This design means that root access is not required to build or implement this firewall application.

Through transparently explaining these functions, we aim to instill confidence in our users regarding the privacy and integrity of their data when utilizing our Firewall AI applications.

What kind of personal data do you provide to us, and what data do we collect?

To ensure the full performance of the cloud servers and to enable quick and precise analyzes, we process the following Service and Device Data:

Selective users’ installed app package information of the apps you have installed on your device in the data type of SHA-256 checksum and corresponding installed app package names.
The data will be sent to our servers at https://api.protectstar.com

The type of data we collect include the following:

• Installed app package information (package-name, SHA-256 and MD5 checksum).
• SHA-256 and MD5 checksum if you're scanning files for malware (NOT the content of the scanned file!).
• Details about your device, including IP address, device identifiers, and operating system.
• When using our products to protect your mobile device, geo-location data is based on the IP address (not related to GPS).

How We Handle Your Data:

• Anonymity: We prioritize your privacy and ensure all data transmitted to our cloud server at https://api.protectstar.com/api/get-deep-detective-packages-shas-info and https://api.protectstar.com/api/get-blocklists-info (only Firewall AI) is completely anonymized.
• Encryption: We employ stringent data transmission practices, including the use of Advanced Encryption Standard (AES) with a 256-bit key, carried over the HTTPS protocol. This robust encryption not only secures your data but also reinforces the impossibility of tracing the data back to individual users.

Opting Out of Data Collection: If you prefer not to have your data collected, you may turn off your internet connection, which could lead to decreased detection of possible malware and other security threats.

How will your data be transferred from your device to our cloud server?

The data transmission is performed in encrypted (AES-256 bit) form using the HTTPS protocol and cannot be tracked back to individuals.

Why do we process your data?

When you use our Protectstar® apps, we collect certain information to enhance the security and functionality of our services. Here’s why we need specific types of data:

1. App Package Name: Users’ installed application information. We collect the names of apps installed on your device. This helps us identify which apps are running and enables us to tailor our security measures to the specific apps you use. It's a crucial step in ensuring that our security protocols are effective against threats that might target specific applications.
2. SHA-256 & MD5 Checksum: These are unique digital fingerprints of an app's APK file. By collecting these checksums, we can verify the integrity of the apps on your device. This is essential for detecting alterations or corruptions in app files that could indicate the presence of malware or spyware.
3. File Checksums: Similar to the app checksums, we collect SHA-256 and MD5 checksums of files on your device. This allows us to verify the integrity of these files and detect any unauthorized modifications. It’s a vital component in our effort to safeguard your device from malware that might alter or damage your files.

The purpose of sending users’ installed application information, the calculated SHA-256/MD5 checksums to https://app-measurement.com and to https://api.protectstar.com is to analyze the information by our Protectstar® Artificial Intelligence Cloud (AI Cloud).

Operating on servers, rather than individual devices, the AI Cloud offers efficient, precise analysis without taxing your device's resources.

The collected data is crucial for:

• Identifying and understanding the behavior of potential threats.
• Assessing the safety of apps and files on your device.
• Reducing false alarms by accurately differentiating between safe and harmful software.
• Continuously enhancing the performance and capabilities of our apps.

Overview about all our apps and their specific data collection practices that is send to the related URL incl. their purpose as well as the Restricted Permissions:

A. Firewall AI + DNS Changer

Data Collection and Usage:

1. Endpoint: https://api.protectstar.com/api/get-blocklists-info
   • Data Collected: App package name
   • Purpose: To download the latest filter block lists.
2. Endpoint: https://api.protectstar.com/api/whois
   • Data Collected: IP address of visited URLs, locale of user's device
   • Purpose: To provide localized WhoIs information for an IP address.
3. Endpoint: https://tile.openstreetmap.org
   • Data Collected: User agent (app package name, version, developer email)
   • Purpose: To display Open Street Map for WhoIs information.

Restricted Permissions:

1. android.permission.READ_PHONE_STATE (Mandatory, except for DNS Changer)
   • Allows read-only access to phone state, including cellular network information.
2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
   • Lists all apps installed on the device, enabling user control over app blocking or bypass in the Firewall.
3. VPNService
   • Redirects Android’s network traffic through the apps for security purposes.

B. Anti Spy + Antivirus AI

Data Collection and Usage:

1. Endpoint: https://api.protectstar.com/api/get-deep-detective-packages-shas-info
   • Data Collected: SHA256, MD5, Package Name
   • Purpose: To identify potential security threats.
2. Endpoint: https://api.protectstar.com/api/add-statistic-item, https://api.protectstar.com/api/add-file-statistic-item
   • Data Collected: SHA256, MD5, Package Name, File Path/Name, Installation source, App version/code, Device metadata (OS version, manufacturer, model)
   • Purpose: To analyze and record statistics of detected threats.
3. Google SafetyNet
   • Data Collected: Package name, application signing certificate, device attestation token
   • Purpose: Verifying app and device integrity, checking Google Play Protect status.

Restricted Permissions:

1. android.permission.SCHEDULE_EXACT_ALARM (Optional)
   • Enables scans at user-defined times.
2. android.permission.QUERY_ALL_PACKAGES (Mandatory)
   • Scans all installed apps for threats.
3. android.permission.SYSTEM_ALERT_WINDOW (Optional)
   • Protects against screen-capture malware.
4. android.permission.PACKAGE_USAGE_STATS (Optional)
   • Detects foreground apps for toggling screen-capture protection.
5. android.permission.MANAGE_EXTERNAL_STORAGE (Mandatory)
6. android.permission.READ_EXTERNAL_STORAGE (Mandatory)
7. android.permission.WRITE_EXTERNAL_STORAGE (Mandatory)
   • Scans and manages files for threats.

C. Common Features Across All Apps

1. In-App Billing System
   • Data Collected:
     • Purchase History: Records the history of purchases made within the app.

D. Apps Integrated with MY.PROTECTSTAR (MYPS) user account

Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer

1. Endpoint: https://my-api.protectstar.com
   • Data Collected:
     • User Data: Includes UserId, email, name, surname, and password.
     • Device Type: Information such as user-defined device name (e.g., Peter’s Samsung Galaxy S23), manufacturer, model, industrial design name, board (name of the underlying board, e.g.,"goldfish"), hardware specifications.
     • Product SKU: App's own package name.
     • License Information: Activation ID, activation key.

E. Apps Integrated with Firebase

Included Apps: Anti Spy, Antivirus AI, Firewall, DNS Changer, Camera Guard, Micro Guard

1. Firebase Crashlytics (Firebase Crashlytics Data Disclosure)
   • Data Collected:
     • Crash Logs/ Stack Traces: Collects stack traces when an application crashes.
     • Application State: Gathers relevant application state during a crash.
     • Device Metadata: Point-in-time metadata about the device during a crash.
     • Crashlytics Installation UUID: Measures the number of users impacted by a crash.
     • User IDs: Including MYPS user id.
   • Purpose: For analytics and improving app stability.
2. Firebase Messaging (Firebase Messaging Data Disclosure)
   • Data Collected:
     • Device Metadata: OS version, name, model, brand, form factor.
     • Installation Source: Identifies the app used for installation (e.g., Play Store).
     • App Version: Collects the app's version for managing topic subscriptions.
   • Purpose: For developer communications and app updates.
3. Google Play Services (Google Play Services)
   • Data Collected:
     • Device Metadata: OS version, name, model, brand, form factor.
     • Installation Source: Identifies the app used for installation (e.g., Play Store).
     • App Version: Collects the app's version for managing topic subscriptions.
   • Purpose: For developer communications and app updates.

In summary, the data we collect is not just for detecting threats but also for adapting our security measures to the unique environment of your device, ensuring that you have the most effective protection against evolving digital threats.

What is the purpose of sending users' installed application information to https://api.protectstar.com ?

Our purpose in collecting your information is to equip you with useful products and services that provide a more agile, dynamic response to new and unknown threats.

The purpose of sending users' installed application information to https://api.protectstar.com is to analyze the installed application information by our Protectstar® Artificial Intelligence Cloud (AI Cloud). Protectstar® AI Cloud runs on servers and not on individual devices, like the user's smartphone. This ensures the full performance of the AI Cloud servers and enables quick and precise analyzes. At the same time, it keeps the user devices resource-efficient with optimal performance.

The data processing ensures:

• Identifying new threats, their behavior, their security status, and their sources.
• Determination of the reputation of examined objects.
• Reducing the likelihood of false alarms.
• Increasing the performance of software components.
• Performance increase for the rights holder's products.
• Access to the confidential installed app information and use is directly related to the provision and improvement of Protectstar Android apps' functions.

How do we use the information we collect?

When you install or use one of our Services, it will run in the background of your device or environment to help predict threats, and better protect you, your devices, and your information.

We use the data we collect for:

1. Providing and operating our Services;
2. Addressing and responding to service, security, and customer support needs;
3. Detecting and preventing cybersecurity threats, such as malware, on your device;
4. Identifying potential false positives;
5. Analyzing data sent to or from your device(s) to isolate and identify threats, vulnerabilities, viruses, suspicious activities, and attacks, and to communicate potential threats to you.

Transmitted user information will only be used for the aforementioned limited purposes, which the user has agreed to.

The specific data processed depends on the product or service in use. We encourage users to carefully review the agreements and related disclosures during the installation or use of any software or service. Regardless of the type of data or the jurisdiction where the data is received or processed, we uphold the highest data protection standards and implement diverse legal, organizational, and technical measures to secure user data. This approach ensures the safety and confidentiality of data and respects user rights under applicable law.

Type of Data We Collect:

The data we collect varies depending on the products and services you use and may include:

• License/Subscription Information: This data is used to identify legitimate users and to maintain the communication between the product and Protectstar services, which includes sending and receiving product databases, updates, etc.
• Product Information: Information about the product's operation and its interaction with the user, like the duration of threat scans or the frequency of feature usage, is collected to improve our products and make them more user-friendly.
• Device Data: Information like device type and operating system is collected to ensure that users do not need to purchase a new license after reinstalling their operating system. It also assists us in analyzing cyber threats by determining the prevalence of specific threats across various devices.
• Threats Detected: When a threat (new or known) is found on a device, we collect information about it. This allows us to analyze the threat's source, infection principles, etc., leading to improved protection for all users.
• Information on Installed Applications: This information assists in creating "whitelists" of harmless applications, prevents false identification of such applications as malicious, and helps update categories for Parental Control and Application Startup Control features. It also allows us to offer security solutions that best meet user needs.

PROTECTSTAR ONLY PROCESSES PERSONAL DATA FOR SPECIFIC, PREDEFINED PURPOSES THAT ALIGN WITH APPLICABLE LAWS AND ARE RELEVANT TO OUR BUSINESS OPERATIONS.

When you install or utilize our Services, they operate in your device's background or environment, helping predict potential threats and providing enhanced protection for you, your devices, and your data. For example, Protectstar may leverage this information to:

• Examine data transacted to and from your devices to isolate, identify, and inform you about threats, vulnerabilities, viruses, suspicious activities, and cyberattacks;
• Engage in threat intelligence networks, undertake research, and adapt products and services in response to emerging threats;
• Detect potential misuse of your data through our identity monitoring products;
• Update antivirus databases;
• Offer technical support for products and services, and enhance the quality of the same;
• Perform statistical and other studies based on anonymized data.

To Run Our Business

We also use the information we collect for other business purposes, including to:

• Authenticating your identity and mitigating fraud;
• Analyzing user behavior to measure, customize, and improve our site and services, including new product development;
• Promoting Protectstar products and services that may be of interest to you;
• Providing customer support, troubleshooting issues, managing subscriptions, and addressing requests, questions, and comments;
• Undertaking market and consumer research along with trend analyses;
• Preventing, detecting, identifying, investigating, and responding to potential or actual claims, liabilities, prohibited behaviors, and criminal activities; and
• Complying with and enforcing legal rights, requirements, agreements, and policies.

Additional Uses

We may also utilize Personal Data for activities where we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you when you provide Personal Data or as per your consent.

How long do we store your Personal Data?

The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house servers in Germany.

Protectstar will keep your Personal Data for the minimum period necessary for the purposes set out in this Policy, namely (i) for as long as you are a registered subscriber or user of our products or (ii) for as long as your Personal Data is necessary for connection with the lawful purposes set out in this Policy, for which we have a valid legal basis or (iii) for as long as is reasonably necessary for business purposes related to the provision of the Services, such as internal reporting and reconciliation purposes, warranties or to provide you with feedback or information you might request. Where required by law, we will delete your biometric data within three years of your last interaction with the Services.

In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional periods as are necessary for connection with that claim.

Once the above mentioned periods, each to the extent applicable, have concluded, we will either permanently delete, destroy, or de-identify the relevant Personal Data so that it can no longer reasonably be tied to you.

The selective extracted and transmitted data, as listed above, are stored for the duration, as is technically necessary. As a rule, this is only a few seconds before the data is securely deleted from our servers by a high-security deletion standard. In addition, for randomized sample testing, some transmitted installed package information is stored anonymized in the form of statistics.

In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Who Do We Share Personal Data With?

At Protectstar, we value your privacy. Rest assured, we do NOT share or sell the data you provide with any third parties.

How Do We Protect Your Data?

We use administrative, organizational, technical, and physical safeguards to protect the Personal Data we collect and process. Our security controls are designed to maintain data confidentiality, integrity, and an appropriate level of availability.

What Choices Do You Have About Your Personal Data?

If one of our Android app products is installed on your device, you may stop Protectstar’s collection of Personal Data from your device by uninstalling that product.

Individual Rights in Personal Data

In accordance with applicable law, you may have the right to:

1. Request confirmation of whether we are processing your Personal Data.
2. Obtain access to or a copy of your Personal Data.
3. Receive a portable copy of your Personal Data, or ask us to send that information to another organization (the "right of data portability").
4. Seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Data.
5. Restrict our processing of your Personal Data.
6. Object to our processing of your Personal Data.
7. Request erasure of Personal Data held about you by us, subject to certain exceptions prescribed by law.

If you would like to exercise any of these rights, don't hesitate to get in touch with us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we may take steps to verify your identity before fulfilling your request. For some requests and where permitted by law, an administrative fee may be charged. We will advise you of any applicable fee before performing your request.

Children’s Privacy

Some of Protectstar’s Services provide security features that parents may use to monitor their child’s activity online, physical location, or use of a registered device. These Services require parental consent, and we do not knowingly use the Personal Data we collect from children’s devices for any purpose except to deliver the Services. These products allow parents to delete their child’s profile at any time. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please contact us as described below. If you are under 18, you must have your parent’s permission to access the Services.

Protectstar urges parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission. If you learn that your child has provided us with Personal Data without your consent, you may alert us by contacting us as described below. Suppose we know that we have collected any Personal Data from children under 13 (and in certain jurisdictions under 16). In that case, we will promptly take steps to delete such information and terminate the child’s account.

Data Transfers

Protectstar is headquartered in the United States (see Contact Us for addresses), and we have operations, entities, and service providers in the United States and throughout the world. As such, our service providers and we may transfer your Personal Data to, or store or access it in jurisdictions that may not provide equivalent data protection levels as your home jurisdiction. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it.

Residents of the European Economic Area

We do NOT transfer Personal Data to countries outside of the EEA or Switzerland through a series of intercompany agreements based on the Standard Contractual Clauses in accordance with EU law and applicable EU regulations.

Data Controller

Where you purchase one of Protectstar’s consumer products, Protectstar Inc. acts as the Controller of your Personal Data.

Legal Basis for Processing

When we process your Personal Data, we will only do so in the following situations:

• We need to use your Personal Data to perform our contract responsibilities with you (e.g., processing payments and providing the Services you purchase or request).
• We have a legitimate interest in processing your Personal Data. For example, we have a legitimate interest in processing your Personal Data to provide, secure, and improve our Services, communicate with you about changes to our Services, and inform you about new services or products.
• We have your consent to do so. We need to process your Personal Data to comply with our legal obligations.

Individual Rights Requests and Withdraw Consent

You may submit a request to exercise your rights in Personal Data using the mechanisms explained under “What Choices Do You Have About Your Personal Data?” above. If you initially consented to our processing of your Personal Data, you may withdraw your consent using those mechanisms or by contacting us using the contact information below.

Data Subject's Rights

Protectstar® respects your control over your information. Upon request, we will confirm whether we hold or process data collected from you. You have the right to amend or update inaccurate or incomplete personal data, request deletion of your personal data, or request that we no longer use it. As a data subject, you are entitled to the following rights:

• right to request access to your personal data from Protectstar,
• right to rectify your personal data if inaccurate (including completing incomplete personal data),
• right to request the erasure of your personal data,
• right to request the restriction of processing your personal data,
• right to object to processing, and
• right to data portability.

Under certain circumstances, we may not fulfill your requests, such as when it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves unnecessary cost or effort. However, we will respond to your request within thirty (30) days and provide an explanation in any event.

The rights holder treats the data received from the end-user as part of this statement under the privacy policy for rights holders. This policy can be viewed at https://www.protectstar.com/en/legal-notice.

California Privacy Rights

If you are a California resident, you may have additional privacy rights.

Changes to This Privacy Policy

We reserve the right to revise or modify this Disclosure to reflect changes in our data practices. If we make any material changes, we will notify you by email (sent to the address specified in your account) or through a notice on our website before the change becomes effective. We encourage you to periodically review this page for the latest information on our privacy practices.

This Policy is reviewed and updated at least annually, and we will use reasonable means to inform you and, where necessary, obtain your consent for material changes.

Contact Us

If you have questions or requests about personal data or privacy, please contact us at https://www.protectstar.com/en/contact.

You can make a request online or email us at