What data does Pareto Security send to the Internet?

Published: 2022/11/29 By: Amon Stopinsek

Knowing what the apps installed on your Mac are sending out to the internet is crucial if you care about privacy. A simple toolbar app such as Pareto Security shouldn’t send any unnecessary and potentially privacy-violating data. And we don’t! Read below how you can verify our claim.

SpyBuster is a tool for analyzing network traffic from apps. You can see where the apps are sending data.

  1. Download and install SpyBuster.
  2. Go to Dynamic Analysis and click Start.
  3. Keep SpyBuster open and start using the apps you want to analyze.
  4. After a few minutes of clicking around, SpyBuster logged some network traffic.

Pareto Security app traffic analysis

While checking if there’s an available update for the Pareto Security app, the app sent requests to paretosecurity.com and github.com.

A new version was found and the app update was downloaded from GitHub.

The first request, which checks for an available update (https://paretosecurity.com/api/updates?uuid=358CE4B5-75F7-56F7-B3FF-FF7150A610D4&version=1.7.45&os_version=13.0.1&distribution=app-live-team), included additional data: a random device ID, the version of the app, the macOS version, and the type of distribution (personal, team).

On the server side this data is sent to Mixpanel. The data is used to estimate the number of active users, monitor progress of the app updates, and to know which OS versions to support.

We don’t collect personal information. We are working on replacing Mixpanel with a more privacy-focused solution, as we did when we replaced Google Analytics with Plausible on our website.

Since the requests to paretosecurity.com and github.com use HTTPS, the SSL certificates were verified.
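To repeat this check on request URLs copied out of your own traffic capture, the added example below (not Pareto Security's code) audits each URL against what this post documents for the update check: the two hosts, HTTPS, and the four query fields. The function names are illustrative, and every sample URL except the one quoted above is constructed.

```python
import uuid
from urllib.parse import parse_qs, urlsplit

# Hosts and update-check fields named in the post; anything else is a finding.
DOCUMENTED_HOSTS = {"paretosecurity.com", "github.com"}
UPDATE_PATH = "/api/updates"
DOCUMENTED_PARAMS = {"uuid", "version", "os_version", "distribution"}

def audit_request(url):
    """Return findings for one captured URL; an empty list matches the post."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append(f"not HTTPS: {parts.scheme or 'no scheme'}")
    if host not in DOCUMENTED_HOSTS:
        findings.append(f"undocumented host: {host}")
    if host == "paretosecurity.com" and parts.path == UPDATE_PATH:
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in sorted(set(params) - DOCUMENTED_PARAMS):
            findings.append(f"undocumented parameter: {name}")
        for name in sorted(DOCUMENTED_PARAMS - set(params)):
            findings.append(f"documented parameter missing: {name}")
        for value in params.get("uuid", []):
            try:
                uuid.UUID(value)  # a random device id should be UUID-shaped
            except ValueError:
                findings.append("uuid value is not UUID-shaped")
    return findings

def audit_capture(urls):
    """Map each URL that deviates from the post to its list of findings."""
    report = {}
    for url in urls:
        findings = audit_request(url)
        if findings:
            report[url] = findings
    return report

UPDATE_CHECK = ("https://paretosecurity.com/api/updates"
                "?uuid=358CE4B5-75F7-56F7-B3FF-FF7150A610D4&version=1.7.45"
                "&os_version=13.0.1&distribution=app-live-team")  # from the post
# Constructed entries: an extra query field and a plaintext request to another host.
SAMPLE_CAPTURE = [
    UPDATE_CHECK,
    UPDATE_CHECK + "&hostname=constructed-mac",
    "http://telemetry.example.net/collect",
]

if __name__ == "__main__":
    for url, findings in audit_capture(SAMPLE_CAPTURE).items():
        print(url, findings, sep="\n  ")
```

The allow-list covers only the update check described above; Team dashboard and Sentry traffic would need their own entries before auditing a Team install.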

For Team users, the app has to communicate with the dashboard. It has to:

  • fetch settings for the list of checks required by the team,
  • send the status of the checks to the dashboard, so the device's security settings can be monitored in the dashboard and in email reports.

Sentry is used to track app performance and collect anonymized error logs.

Amon Stopinsek

Amon is a Senior Software Engineer at Niteo.
