posted by martyb on Tuesday August 25 2020, @03:12PM
from the can't-be-too-careful dept.

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud:

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP address, operating system version, and other sensitive user data from compromised apps to a remote logging server.

The malicious iOS SDK has been named "SourMint" by Snyk researchers.

"The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information."

"Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application," Miller added.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK (6.3.5.0), with the first version of the malicious SDK dating back to July 17, 2019 (5.5.1). The Android version of the SDK, however, doesn't appear to be affected.

  • (Score: 2) by Bot on Wednesday August 26 2020, @08:10AM (1 child)

    by Bot (3902) on Wednesday August 26 2020, @08:10AM (#1042032) Journal

    > Do you really believe in getting something for nothing?

    LOL I could argue about the advantages of making a comparatively microscopic contribution to free software vs. maintaining a proprietary stack dependent on somebody's infrastructure, but it's you who have the burden of proof, as it is your POV that slaps reality in the face. Free software has won already. It has won the battle, the enemy has reorganized and is looking for legal means to weaponize and neutralize it. But it has won the battle and your POV denies reality, which is bad trolling style.

    --
    Account abandoned.
  • (Score: 2) by barbara hudson on Saturday August 29 2020, @03:44AM

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Saturday August 29 2020, @03:44AM (#1043633) Journal

    Free software has lost, having been completely co-opted by big businesses. I don't know anyone except myself who actually runs a Linux distro on a former Windows laptop, and the experience is worse than it was 10 years ago.

    Android? An advertising platform, pure and simple. Chromebooks? Gotta keep the public tied into all that server-based software that is data mined for profit.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.