Recently, we learned that security company Snyk discovered malware hidden in the Mintegral adware development kit (SDK) for iOS. According to Mintegral’s response, in a press release issued on August 25, the developers “take privacy and fraud issues very seriously and are conducting a thorough analysis of these allegations and their origin.”
What malware claims, Jeff?
If you don’t have time to read the previous article, I’ll make a long story. Snyk claims to have discovered that Mintegral’s SDK was committing fraud in two ways. First, the code is supposed to divert ad clicks in apps, making the user appear to have gone through Mintegral’s ad provider instead of their competitors.
Second, according to Snyk, the SDK code also sends your personally identifiable information without your knowledge. This can include usernames, authentication tokens, IMEI, etc.
Mintegral “ firmly denies ” any wrongdoing
According to Mintegral, the SDK collects information and provides it to its advertising network. The SDK does this through a public Apple API designed for this purpose. This, however, is an industry standard. The API helps target the ads so that they are relevant to you, the user.
Mintegral even went so far as to email Apple about Snyk’s malware allegations. On August 24, the developers received a response from Cupertino. In this email, Apple said so “[has] saw no evidence that the Mintegral SDK harms users. Additionally, this part of the SDK is deprecated for iOS 14.
We will continue to monitor these allegations. When we know more, we will be sure to pass the information on.