Recently, we learned that security firm Snyk had uncovered malware hidden inside the Mintegral advertising software development kit (SDK) for iOS. According to Mintegralās response, a press release issued on August 25, the developers ātakes matters of privacy and fraud very seriously and are conducting a thorough analysis of these allegations and where they are coming from.ā
Which Malware Allegations, Jeff?
If you donāt have time to read the previous article, Iāll make a long story short. Snyk claims they have found that Mintegralās SDK commits fraud in two ways. First, the code supposedly hijacks ad clicks within apps, making it appear that the user has gone through Mintegralās advertising provider instead of its competitors.
Second, according to Snyk, the SDK code also sends your personally identifiable information without your knowledge. This could include usernames, authentication tokens, IMEI, and so forth.
Mintegral āFirmly Deniesā Any Wrongdoing
According to Mintegral, the SDK does collect information and provide it to its advertising network. The SDK does this through a public Apple API designed for this purpose. This, though, is an industry standard. The API helps target ads so they are relevant to you, the user.
Mintegral has even gone so far as to email Apple about Snykās malware allegations. On August 24, the developers received a reply from Cupertino. In that email, Apple said it “[has] not seen any evidence the Mintegral SDK is harming users.ā Furthermore, that part of the SDK is being deprecated for iOS 14.
We will continue to monitor these allegations. When we know more, weāll be sure to pass the information along.
