In a serious report published very recently, the developer security firm Snyk says that it discovered malicious code buried deep within a popular iOS SDK (Software Development Kit) that is used by more than 1,200 iOS apps, which are downloaded over 300 million times per month.
Snyk claims that this malicious code was hidden inside the Mintegral iOS SDK. Mintegral is a China-based ad network.
Mintegral gives this SDK away for free to iOS and Android app developers. Software creators use this SDK so they can embed advertisements within their apps easily, with very little code required.
Snyk says that the iOS version of the SDK contains malicious features that can run totally unnoticed in an iOS app’s background. Once there, it waits for a user to touch an ad that isn’t its own.
When that happens, the Mintegral SDK takes over the referral process to trick iOS into thinking that the user instead clicked one of Mintegral’s own ads, rather than the competitor ad that they were actually interested in enough to tap. This pretty much robs other SDKs and advertising networks of their hard-earned dollars.
LOGGING USER INFORMATION AS WELL
It seems as though Mintegral has committed fraud, but Snyk says the SDK has more than one trick up its sleeve. It also apparently includes a few other hidden functions that seem to be geared towards collecting and logging user data.
The company said in a blog post, ‘Snyk further learned that the Mintegral SDK captures details of every URL-based request that is made from within the compromised application.’
As it turns out, this user info is not only logged but also sent to a remote server, including things like:
- The requested URL. This could possibly give them identifiers and all kinds of other sensitive info.
- Request headers. These could have things like password tokens in them.
- The area of the app that the code came from. This can assist in the identification of a user’s patterns.
- The device IDFA (Identifier for Advertisers). This number is unique to the device and the device’s IMEI.
Alyssa Miller, Snyk’s Application Security Advocate, said, ‘The attempts by Mintegral to conceal the nature of the data being captured, both through anti-tampering controls and a custom proprietary encoding technique, are reminiscent of similar functionality reported by researchers that analyzed the TikTok app.’
Miller went on to say, ‘In the case of SourMint [codename given by Snyk to the Mintegral iOS SDK], the scope of data being collected is greater than would be necessary for legitimate click attribution.’
Snyk has not yet released a list of iOS apps that use the Mintegral SDK, but they did let us know in which version of the SDK they first found the malicious code: version 5.5.1, which was released on the 17th of, 2019.
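With no app list available, a development team can check its own dependency lockfile for the SDK. The following is an added example, not code from Snyk or from this article: it scans the `PODS` section of a CocoaPods `Podfile.lock` and reports any resolved Mintegral entry at or above version 5.5.1. The pod name `MintegralAdSDK` and the sample lockfile are assumptions, and because the article names no fixed release, every version from 5.5.1 upward is flagged.

```python
import re

# Assumption: CocoaPods pod name; the article only says "Mintegral iOS SDK".
POD_NAME = "MintegralAdSDK"
# From the article: first SDK version in which Snyk found the malicious code.
FIRST_FLAGGED = (5, 5, 1)

# Top-level PODS entries are indented two spaces: '  - Name/Subspec (1.2.3):'
# Deeper-indented lines are dependency constraints and are ignored.
POD_ENTRY = re.compile(r'^ {2}- "?([^/\s"(]+)(/[^\s"(]+)?\s+\(([^)]+)\)"?:?\s*$')

def parse_version(text):
    """Turn '6.3.5' into (6, 3, 5), padding short versions with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (3 - len(parts)))

def find_flagged_pods(lockfile_text, pod_name=POD_NAME):
    """Return sorted (pod, version) pairs resolved at or above FIRST_FLAGGED."""
    hits, in_pods = set(), False
    for line in lockfile_text.splitlines():
        if line and not line[0].isspace():      # new top-level YAML key
            in_pods = line.strip() == "PODS:"
            continue
        match = POD_ENTRY.match(line) if in_pods else None
        if match and match.group(1).lower() == pod_name.lower():
            if parse_version(match.group(3)) >= FIRST_FLAGGED:
                hits.add((match.group(1) + (match.group(2) or ""), match.group(3)))
    return sorted(hits)

# Constructed sample lockfile (not from a real app); the subspec name is made up.
SAMPLE_LOCKFILE = """\
PODS:
  - Alamofire (5.2.2)
  - MintegralAdSDK (6.3.5):
    - MintegralAdSDK/ExampleSubspec (= 6.3.5)
  - MintegralAdSDK/ExampleSubspec (6.3.5)

DEPENDENCIES:
  - MintegralAdSDK (~> 6.3)
"""

if __name__ == "__main__":
    for pod, version in find_flagged_pods(SAMPLE_LOCKFILE):
        print(f"{pod} {version}: at or above 5.5.1, review before shipping")
```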