The apple devices they have always presumed to be the safest on the market, now, this can be questioned. In a popular advertising SDK Chinese mobile it has been found that contain malicious code capable of spying on iOS users and divert ad revenue, a new report claims.
According to security firm Snyk, MComprehensive SDK is used in 1,200 different iOS applications, with more than 300 million downloads per month, and therefore billions of total installations.
The free SDK is used by Android and iOS developers to embed third-party advertisements in your applications. However, the Mintegral SDK for iOS is said to hide malicious code that allows it to monitor user activity and steal ad revenue from its competitors.
Mintegral iOS SDK
In addition to the allegations related to ad attribution fraud, the Snyk report also claims that the iOS Mintegral SDK is designed to stealthily collect information about the user.
Reportedly, the SDK logs the details of all URL-based requests made through the compromised apps, before sending the information to a remote log server.
“Attempts to conceal the nature of the data being captured, both through tampering controls and a custom proprietary encoding technique, they recall similar functionality reported by researchers who analyzed the TikTok application“explained Alyssa Miller, Synk’s application security advocate.
Many popular apps were affected
“In the case of the Mintegral SDK, the scope of the data that are collected is greater than would be necessary for legitimate click attribution. “According to Snyk, the first malicious version of the SDK was released on July 17, 2019 and all subsequent versions were found to contain the same functionality.
The security company has refused to publish a list of affected applications, but states that “many popular apps were affected for the malicious activities of this SDK. “Mintegral has since issued a statement in which the firm denies any wrongdoing and gestures towards its continued cooperation with Apple.
Apple verifies that there is currently no danger
Mintegral has stated that takes privacy and fraud issues very seriously, and is conducting a thorough analysis of these allegations and where they come from. The organization also notes that Apple has spoken to investigators about their report and, in an email dated August 24, explained that he had not identified no evidence that the Mintegral SDK is used for spying to users.
