Mobvista-owned ad network Mintegral has been accused of major ad fraud across more than 1,200 apps.
As reported by Forbes, the allegedly affected apps have seen 300 million installs each month since July 2019. One application said to use the SDK is Helix Jump; the hypercasual game alone has amassed 500 million installs. Other affected apps include Outfit7’s Talking Tom, PicsArt, Playrix’s Gardenscapes and Sybo’s Subway Surfers, the last of which recently broke three billion downloads.
The breach was first noticed by security firm Snyk, which informed Apple of the alleged issues last week.
“We identified an SDK malicious component that is getting integrated into different iOS applications and getting into the App Store. That SDK is distributed as a regular ad network, something that developers can use to monetize their apps through ads,” said Snyk chief security officer and co-founder Danny Grander.
Security breach
In summary, the SDK is supposedly tracking when users make app installs through an ad, and sending out a fake click to “steal” the attribution for the install, thus making money for Mintegral. Allegedly, hundreds of millions may have been earned through the reported scheme.
“Developers can sign up as publishers and download the SDK from the Mintegral site,” said Snyk.
“Once loaded, the SDK injects code into standard iOS functions within the application that execute when the application opens a URL, including App Store links, from within the app. This gives the SDK access to a significant amount of data and even potentially private user information. The SDK also specifically examines these open URL events to determine if a competitor’s ad network SDK was the source of the activity.”
Just a rumour
Mintegral has since responded to the accusations. Taking to Twitter (below), the Chinese company claimed “these allegations are not true. We are taking this matter very seriously and are conducting a thorough analysis of these allegations and where they are coming from.”
Our statement regarding recent SDK allegations.
Read more: https://t.co/Rva0yDg5TR pic.twitter.com/9VijVUMRFL — Mintegral (@MintegralInc) August 25, 2020