In a good 1200 ios apps, according to an analysis "bosy code", which is introduced by the sdk of an advertising company. The ios version of the sdk’s chinese company mintgral has been with code for a good year of code, with which click fraud carried out to carry out the activities of the app user by recording all url-based inquiries less, the safe snyk security company writes – also sensitive data be transmitted.
Sdk allegedly takes url inquiries
The sdk should be able to intercept any url request within the app and use this for the purpose of clicking on clicks on the advertising banners delivered by other sdks, it is called in the analysis of snyk – thus clawing the competitor’s advertising revenue. Advertising apps often integrate sdks of various advertising providers.
The advertising sdk at the same time stores all url retrieval within the app and transfer them to the own server with additional information such as the advertising id (idfa) of the gerate – a unique id that ios for apps provides. It is unclear what happens with these possibly sensitive data on the servers of the provider. Mintegral attempts at the same time to disguise the behavior through various techniques, snyk writes, the sdk "observed" – for example, by a debugger or in the ios simulator – it switches off the vicious behavior. This could also help that apps with the integrated sdk appear to come through apple’s proubling process in the app store, so security company.
No list of affected apps
A list of the names of the apps that have integrated the mintegral sdk has not been published so far. However, snyk points out that including popular apps be with scattered 300 million downloads per month – should the estimates be right, extremely demanded apps had to be below. Whether it is mainly affected by ios games in the chinese market, or also internationally popular apps, remains open for the time being. For end users, it is practically impossible to understand which third-sdks has integrated an app.
You have not seen any proof that the mintegral sdk uses a pity, explained apple to zdnet. App developers are responsible for the sdks that they integrate into their apps. Therefore, the protective functions of the operating system are extended, so the manufacturer, ios 14 makes it difficult, for example, the secret access to user data.