In an report published today by security research Synk has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the AppStore which represent over 300 million downloads per month.SourMint the codename given by Snyk to the Mintegral iOS SDK first version of the SDK where they found the malicious code was v5.5.1, released on July 17, 2019
According to Synk
“The malicious code was uncovered in the iOS versions of the SDK from the Chinese mobile ad platform provider, Mintegral dating back to July 2019. The malicious code can spy on user activity by logging URL-based requests made through the app.”
This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information. Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application. “
The collected data includes
- OS Version
- IP Address
- charging state
- Mintegral SDK Version
- network type
- model
- package name
- IDFA
- URL
- request headers
- method name
- class Name
- backtrace data