Researchers discovered a malicious functionality within the iOS MintegralAdSDK (aka SourMint), distributed by Chinese company Mintegral.
Functional flow of a user ad-click being hijacked by the Mintegral SDK
Major privacy concerns
According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers.
On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK.
SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral’s servers. Snyk’s researchers exposed SourMint and responsibly disclosed the information to Apple, alerting them to the ..
Support the originator by clicking the read the rest link below.
