by 
If you have been following the news or have watched YouTube videos chances are, you most definitely have come across blogs, videos, or ads related to data privacy & security. In today’s world, it’s hard to trust apps blindly and keep track of what information you may be giving out unknowingly.
It is even more difficult to track information that you have not given out explicitly but has somehow been accessed by some company you’ve never heard of, or directly interacted with.
Over the last few years, we have seen some of the biggest data breaches which revealed just how much personal data is usually harvested and sold to marketing firms. In most cases, the user isn’t clearly aware that he/she is actually willingly allowing the app or service they’re using, to use their data in that manner.
Looking at this from a mobile app perspective, we know that there are a ton of android apps out there that are designed to make our life easier and get things done efficiently. Many of these apps generally require permissions from the user but what exactly are they doing with the data collected?
When you deny a mobile app permission to collect personal data from your mobile device, it is reasonable to expect it to abide by that. But according to a study conducted by researchers, it is shown that this is not always the case. The journal mentions that apps can circumvent the android permission model and gain access to protected data without user consent by using both covert and side channels.
“Side channels, which are available in the permission system’s implementation, allow applications to access protected data and system resources without permission, whereas covert channels allow two colluding apps to communicate so that one app can share permission-protected data with another app that doesn’t have those permissions.”
What is Shelter?
Shelter is a Free and Open-Source (FOSS) app that makes use of the “Work Profile” feature of Android to provide an isolated space that you can install or clone apps into.
The is completely free with no ads or trackers whatsoever. The source code for the app can be found on GitHub as well.
What Features Does Shelter Offer?
- Shelter grants you the ability to run apps inside the isolated ‘work’ profile so that these apps cannot access your data outside the profile. This means that private data such as your contact list, images etc. cannot be accessed by the app at all.
- “Freeze” (disable) background-heavy or rarely-used apps when you don’t need them. This is especially true if you use apps from some companies who’s apps run in the background 24/7.
- Clone apps to use two accounts on one device
When Should You Use Shelter?
One of the primary reasons you’d want to use an app like Shelter is if you really need to use an app, but are concerned with the amount of data the app collects or takes.
The TrueCaller Story
For those of you that are unaware, TrueCaller is one of, if not the largest phone book service. The app is really useful. You simply download it and get instant access to caller ID features. The app is extremely useful as it allows you to view a caller’s ID even if the caller isn’t on your contact list. The app does a great job with this and takes it a step further. If a caller is a mass reported as a ‘spam’ call, the app will display this notification and allow you to automatically block such calls.
All of these features sound really great but did you ever think exactly how TrueCaller is getting this data? Have you ever wondered how your name and number show up on your friend Truecaller app when you have never even heard of, or used, the service?
Today we will break it down further.
How Does TrueCaller Source Its Data?
TechCabal offers one explanation as to how TrueCaller gets its data. He mentions the following points:
- “Permission-based” crowdsourcing:
When you sign up for TrueCaller, you have to give the app access to your phonebook on the device. If you want access to the app’s caller ID features and the app’s other functions, then you have to give up your contact list so other users can access the same functions you want.
- Integration with various telephone directories such as Yellow & White Pages. Note that these aren’t available in some countries.
- Truecaller also supports and partners with social media platforms to further aggregate data.
- Partnerships with third-party platforms that have access to user’s profiles and numbers.
- Voluntary additions: Truecaller also offers an option for its users to submit data to its database.
How Does Truecaller Use This Data?
The full scope of what TrueCaller does with the data is unknown. What we do know is that the data the app provides isn’t just posted up online without being confirmed by multiple sources.
For example, if I save my friend’s number as ‘Friend #1’ in my phone book, the app will take his name, number, and maybe even email address and upload it to its databases. That being said, TrueCaller may not show this name I saved him as to all their users that search him. Instead, data is verified from multiple sources to add context & make the data a lot more accurate.
Truecaller integrates with various social media platforms to provide context to the name and phone number it received from my contact list. Its algorithms will attempt to match images with names/phone numbers and tie those to a location.
Truecaller’s data collection abilities are nearly inescapable. Here’s some information about the data they collect according to their privacy policy:
“When You install and use the Services, Truecaller will collect personal information from You and any devices You may use in Your interaction with our Services.
This information may include e.g.: geo-location; Your IP address; device ID or unique identifier; device manufacturer and type; device and hardware settings; SIM card usage; applications installed on your device; ID for advertising; ad data, operating system; web browser; operator; IMSI; connection information; screen resolution; usage statistics;
default communication applications; access to device address book; device log and event information; logs, keywords, and metadata of incoming and outgoing calls and messages; version of the Services You use and other information based on Your interaction with our Services such as how the Services are being accessed (via another service, web site or a search engine); the pages You visit and features you use on the Services; the services and websites You engage with from the Services;
content viewed by You, content You have commented on or sent to us, and information about the ads You see and/or engage with; the search terms You use; order information and other usage activity and data logged by Truecaller’s servers from time to time. Truecaller may collect some of this information automatically through the use of cookies and You can learn more about our use of cookies in our Cookie Policy.“
From the privacy policy, it is evident that it doesn’t matter if you use TrueCaller or request to delete your information from Truecallers’ database. If just one person who has your number signs up for Truecaller then you’ll be back in.
How Will Shelter Help Me?
As mentioned above, shelter assists to isolate apps and prevents them from accessing data outside of the ‘sandbox’. This is perfect for apps like TrueCaller. As we saw above, TrueCaller does make use of our contact list.
If we use Shelter, we will be able to run TrueCaller in this isolated environment. The contact list in this environment or profile will contain nothing. Therefore, Truecaller will only have access to a blank phonebook which is great for privacy.
Do keep in mind that this ‘environment’ is new and therefore won’t have your Google account signed in and therefore play store won’t work in it unless you sign in to your Google Account.
For maximum privacy, you could install the APK directly into the shelter without using the Play Store.
If you are concerned about apps in Shelter not going to be able to display notifications then let me put your mind to ease. I personally use Shelter to run TrueCaller and I can confirm that when my phone rings, the TrueCaller overlay is displayed even though the app is installed into the Shelter profile and does not exist in my main profile.
Other Reasons Why Shelter Is Great
Thanks to Shelter, you can install all apps you don’t 100% trustfully. There are millions of apps out there and every now and again you might come across an app that you really need to use but are unsure about its safety. With the features Shelter offers, you can be sure that data contained in your main profile will remain safe and inaccessible from this ‘Shelter’.
IMPORTANT NOTE:
Shelter is not a full sandbox implementation. It cannot protect you from:
- Security bugs of the Android system or Linux kernel
- Backdoors installed in your Android system (so please use an open-source ROM if you are concerned about this)
- Backdoors installed into the firmwares (no way to work around this)
- Any other bugs or limitations imposed by the Android system.
Some vendor/ custom ROMs may have a broken implementation that may cause crashes and even brick of your device. One such example is MIUI from Xiaomi
Alternatives To Shelter
Some of you may already be familiar with the name Oasis Feng. For those unaware, Oasis Feng is the development of the popular Android App called Greenify which has over 10 Million downloads on the Play Store. Oasis Feng has come up with a great alternative to Shelter called Island. The island works pretty much the same as Shelter with the addition of a few extra privacy features such as requiring VPN usage on 1 side but not the other etc. It’s a great app overall and definitely works a try.
Conclusion
For those seeking a higher level of privacy, Shelter is the ideal choice. At APKs.me we love exploring and testing out apps that are truly useful like Shelter. We suggest you give it a try and take back control of your privacy even if it means tiny steps. The full scope of Shelter is endless. You could use this app for a number of purposes and it’s really convenient to use.
