Expert Comments

Popular iOS SDK Steals Click Revenue From Other Ad Networks – Expert Insight

Expert(s): Security Experts
Expert(s): Security Experts

Researchers have uncovered malicious code in a popular Advertising SDK used by over 1,200 apps in the AppStore which represent over 300 Million downloads per month. It was uncovered in the iOS versions of the SDK from the Chinese mobile ad platform provider, Mintegral dating back to July 2019  and can spy on user activity by logging URL-based requests made through the app.

Experts Comments

August 25, 2020
Ameet Naik
Security Evangelist
PerimeterX
Open source libraries and third-party SDKs are an inevitable reality for modern web and mobile applications. This Shadow Code—introduced without proper approvals or security validation—vastly expands the attack surface for any organization. While SDKs such as Mintegral can significantly cut down on development time and costs, they include hidden behaviors and with unexpected consequences. Along with ad fraud, this also exposes businesses to potential client-side data breaches, running afoul .....Read More
Open source libraries and third-party SDKs are an inevitable reality for modern web and mobile applications. This Shadow Code—introduced without proper approvals or security validation—vastly expands the attack surface for any organization. While SDKs such as Mintegral can significantly cut down on development time and costs, they include hidden behaviors and with unexpected consequences. Along with ad fraud, this also exposes businesses to potential client-side data breaches, running afoul of data privacy regulation such as CCPA and GDPR. Businesses must take control of Shadow Code in their web and mobile applications by following basic security best practices and by leveraging runtime behavioral analysis to detect and stop hidden code from compromising their user data. Consumers must continue to be vigilant about their personal data and monitor their credit reports for signs of fraudulent activity.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Telecoms Security Bill – What’s Missing?

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts