iOS SDK caught stealing click revenue from other ad networks – Digitalmunition





Published on August 24th, 2020


In an explosive report published today, developer security firm Snyk claims it found malicious code inside a popular iOS SDK used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month.

According to Snyk, this malicious code was hidden inside the iOS SDK of Mintegral, a China-based advertising platform.

Mintegral provides this SDK to Android and iOS app developers for free. Developers use the SDK to embed ads inside their apps with just a few lines of code, in order to cut down development time and costs.

But Snyk claims the iOS version of this SDK contains malicious features that sit silently in an iOS app’s background and wait for a tap on any ad that’s not its own (mobile apps regularly use multiple advertising SDKs to diversify their ads and monetization strategies).

When an ad tap takes place, the Mintegral SDK hijacks the click referral process, making it appear to the underlying iOS operating system that the user clicked on one of its ads, instead of a competitor’s, effectively robbing revenue from other SDKs and advertising networks.




Logging user information as well

But while it appears that Mintegral is engaging in ad fraud, Snyk claims the SDK also contains other sneaky functions aimed at logging and collecting user-related information.

“Snyk further learned that the Mintegral SDK captures details of every URL-based request that is made from within the compromised application,” the company said in a blog post today.

This information is logged and then sent to a remote server, and includes details such as:

  • the URL that was requested, which could potentially include identifiers or other sensitive information
  • headers of the request that was made, which could include authentication tokens and other sensitive information
  • where in the application’s code the request originated, which could help identify user patterns
  • the device’s Identifier for Advertisers (IDFA), which is a unique random number used to identify the device, and the unique hardware identifier of the device, the IMEI.

“The attempts by Mintegral to conceal the nature of the data being captured, both through anti-tampering controls and a custom proprietary encoding technique, are reminiscent of similar functionality reported by researchers that analyzed the TikTok app,” said Alyssa Miller, Application Security Advocate at Snyk.

“In the case of SourMint [codename given by Snyk to the Mintegral iOS SDK], the scope of data being collected is greater than would be necessary for legitimate click attribution,” Miller added.

Snyk did not release a list of iOS apps using the Mintegral SDK; however, the company said that the first version of the SDK where they found the malicious code was v5.5.1, released on July 17, 2019.

iOS users have no way of telling if they’re using an app that secretly loads the Mintegral SDK, so there’s little they can do to safeguard their private information and browsing habits. Nonetheless, app developers can use the information from the Snyk report to review their app codebases and remove the SDK, or downgrade to a version where the malicious code is not present.
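For developers doing that review, one place to start is the CocoaPods lockfile. The following is an added example, not code from Snyk or from this article: it reads the resolved versions out of a `Podfile.lock` and flags any Mintegral pod at or above v5.5.1. The pod name `MintegralAdSDK`, the `mintegral` prefix match, the adapter name and the sample versions are assumptions or constructed values.

```python
import re

# Assumption: pod names start with the vendor name; the article names only the vendor.
SDK_PREFIX = "mintegral"
FIRST_FLAGGED = (5, 5, 1)  # v5.5.1, the first version Snyk reported, per the article
# A resolved pod in the PODS section: two-space indent, "- Name (version)".
ENTRY = re.compile(r'^  - "?([^\s("]+) \(([^)]+)\)"?:?\s*$')

def parse_version(text):
    """Turn '6.3.3' or '5.5.1-beta' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def resolved_pods(lockfile_text):
    """Yield (name, version) for each resolved pod; skips constraint lines."""
    in_pods = False
    for line in lockfile_text.splitlines():
        if line and not line.startswith(" "):
            in_pods = line.strip() == "PODS:"
            continue
        m = ENTRY.match(line) if in_pods else None
        if m:
            yield m.group(1), m.group(2)

def flag_sdk(lockfile_text):
    """Return sorted (pod, version) pairs at or above the first flagged version."""
    hits = set()
    for name, version in resolved_pods(lockfile_text):
        if name.lower().startswith(SDK_PREFIX) and parse_version(version) >= FIRST_FLAGGED:
            hits.add((name, version))
    return sorted(hits)

# Constructed sample lockfile; pod names and versions are illustrative only.
SAMPLE_LOCK = """\
PODS:
  - Alamofire (5.2.2)
  - MintegralAdSDK (6.3.3):
    - MintegralAdSDK/NativeAd (= 6.3.3)
  - MintegralAdSDK/NativeAd (6.3.3)
  - ExampleMediationAdapter (1.0.0):
    - MintegralAdSDK (>= 5.5.1)

DEPENDENCIES:
  - ExampleMediationAdapter
"""

if __name__ == "__main__":
    for pod, version in flag_sdk(SAMPLE_LOCK):
        print(f"review: {pod} {version}")
```

A lockfile check only covers CocoaPods installs; an SDK vendored as a binary framework or bundled inside a mediation adapter would need a separate look at the built app.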

Neither Apple nor Mintegral has returned requests for comment.
