Even though it claims to be an ecosystem impregnable to malicious code, one of them was discovered in its iOS version by cybersecurity company Snyk. Apple has claimed to have seen no evidence that the SDK pointed out is harming its users.
The malicious code discovered was hidden in the SDK of the Chinese advertising platform Mintegral – and it is currently used by more than 1,200 applications, involving 300 million monthly downloads.
(Software development kit (SDK) or Software Development Kit is a set of tools that allow you to create applications for a certain operating system. Developers use it to include third-party elements in their apps without having to create their own code. ad networks allow the app to display advertisements automatically, forwarding part of the revenue generated to the app creator.)
theft of recipes
In this case, when the user taps any ad other than one from the Chinese company, the SDK makes it look like the user has clicked on an Mintegral ad.
The malicious SDK hijacks the user’s click, increasing its visibility at the expense of other platforms.Source: Synk/Reproduction
Nicknamed “SourMint,” the SDK was, according to Snyk, well hidden, quietly stealing revenue from other ad networks (many apps use multiple ad SDKs to diversify their monetization).
Lust Puzzle is a dating app in game form that uses the Mintegral SDK.Source: App Store/Reproduction
Even though iOS apps run in a sandbox, the SDK collects browsing data and sends it to a remote server. “This includes in-app chats and texting,” said Snyk co-founder and security director Danny Grander. Most of the affected apps are games, but there are more sensitive ones, such as dating apps.
According to Snyk, the malicious versions of the SDK are 5.5.1 (released in 2019) and higher. Which apps were affected were not disclosed. Mintegral says it is “conducting a thorough analysis of these allegations.”