Employees of the security company Snyk accused the Chinese Mintegral of spying on users and advertising fraud. The suspicious SDK was used in 1,200 applications on Apple devices, which were downloaded up to 300 million times every month.

Recently, a report by the security company Snyk appeared on the pages of Forbes. It follows from it that Mintegral does not work correctly and its SDK contains malicious functions.

  • click attribution fraud
    Developers often embed several advertising SDKs into applications at once.

This means that the user sees ads from different sources, but only those advertising platforms whose ad the person clicked on receive money. The catch is that Mintegral supposedly intercepts all these clicks and makes the application believe that an advertisement of Mintegral itself was clicked.

“They can intercept all traffic coming from the app,” says Snyk.

According to the company, this type of advertising fraud is unique for iOS. Similar schemes have been encountered more than once on Android, but on Apple devices – almost never.

This is a serious problem for the advertising ecosystem, since we are talking about the theft of hundreds of millions of dollars, according to Snyk.

  • collection of URLs and personal data of the user
    Another problem is that at the same time, the Mintegral SDK collects too much information from the device.

The advertising platform sees request headers, IP address, IDFA, URL, phone charge level and much more.

“This SDK also implements code into standard iOS mechanisms,” Snyk reports. “When a user navigates from the app to any URL (including navigating from the app to the App Store), the SDK gets access to a significant amount of data and even potentially personal user information.”

Meanwhile, Mintegral denies all charges.

“Our SDK collects information through Apple’s public API at the OS level. We use this data to select the most relevant advertisement when our advertising network is called to fulfill an ad request. This is a standard industry method for determining the most appropriate advertising for the user.”

Interestingly, Apple also defended the controversial SDK. The company said it found no evidence of harm to users from applications using the Mintegral SDK.

We should add that today Mintegral services are used by developers and publishers of applications such as Helix Jump, Topface, Talking Tom, PicsArt, Gardenscapes and Subway Surfers (the latter has been downloaded more than 3 billion times).

Also on the topic:

Share it with us, write to press@app2top.ru