Recently, we learned that security firm Snyk had uncovered malware hidden inside the Mintegral advertising software development kit (SDK) for iOS. According to Mintegral’s response, a press release issued on August 25, the developers “takes matters of privacy and fraud very seriously and are conducting a thorough analysis of these allegations and where they are coming from.”
Which Malware Allegations, Jeff?
If you don’t have time to read the previous article, I’ll make a long story short. Snyk claims they have found that Mintegral’s SDK commits fraud in two ways. First, the code supposedly hijacks ad clicks within apps, making it appear that the user has gone through Mintegral’s advertising provider instead of its competitors.
Second, according to Snyk, the SDK code also sends your personally identifiable information without your knowledge. This could include usernames, authentication tokens, IMEI, and so forth.
Mintegral ‘Firmly Denies’ Any Wrongdoing
According to Mintegral, the SDK does collect information and provide it to its advertising network. The SDK does this through a public Apple API designed for this purpose. This, though, is an industry standard. The API helps target ads so they are relevant to you, the user.
Mintegral has even gone so far as to email Apple about Snyk’s malware allegations. On August 24, the developers received a reply from Cupertino. In that email, Apple said it “[has] not seen any evidence the Mintegral SDK is harming users.” Furthermore, that part of the SDK is being deprecated for iOS 14.
We will continue to monitor these allegations. When we know more, we’ll be sure to pass the information along.