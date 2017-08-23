English
中文
日本語
한국어
Español
Français
العربية
Latest
All
MWC17 Americas
MWC17 Shanghai
Mobile 360 – Africa 2017
Show Dailies
MWC17
MWL TV 2017
Whitepapers
Mobile 360 – Privacy & Security 2017
Apps
All
Analysis
Blogs
Focus
News
Videos
Asia
All
Analysis
Blogs
News
Videos
In Brief
Devices
All
Analysis
Blogs
News
Videos
Money
All
Analysis
Blogs
News
Videos
Blog
All
Justin Springham
Saleha Riaz
Chris Donkin
Steve Costello
Kavit Majithia
Joseph Waring
Michael Carroll
MWL TV
All
Mobile World Live TV 2017
Interviews
Features
Event Keynotes
Webinars
Insight
All
Whitepapers
Webinars
Reports
e-Books
Case Studies
CEO
Partner
Showfloor
Language
English
中文
日本語
한국어
Español
Français
العربية
HomeAppsNews

Compromised ad SDK found in 500 Google Play apps

23 AUG 2017

An advertising software development kit (SDK) called Igexin, which can spy on users through otherwise benign apps by downloading malicious plugins, was found in around 500 Google Play apps by security company Lookout.

Lookout informed Google of the functionality and the apps were removed or updated.

These apps were downloaded over 100 million times, although not all are confirmed to have downloaded the malicious spying capability.

According to The Register, user activity was fed back to a Chinese company, based on the fact the igexin.com domain registrar is a Beijing-based business named Xin Net Technology Corporation.

“It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time downloading malicious code from a remote server,” explained Christoph Hebeisen, engineer manager, security R&R at Lookout.

Igexin was described as “somewhat unique” because the developers themselves are not creating the malicious functionality, nor are they in control or even aware of it because the activity comes from an Igexin-controlled server.

The apps containing the SDK included games targeted at teens, one of which clocked up between 50 million and 100 million downloads, along with weather, internet radio, photo editors, education, health and fitness, travel and emojis.

Typically, mobile apps use advertising SDKs to make it easy for developers to leverage advertising networks and deliver ads to customers.

In late July, Google said it found 20 Lipizzan spyware apps on the Play Store “distributed in a targeted fashion to fewer than 100 devices”, and blocked the apps as well as their developers from the Android ecosystem.

Author

Saleha Riaz

Saleha joined Mobile World Live in October 2014 as a reporter and works across all e-newsletters - creating content, writing blogs and reports as well as conducting feature interviews...More

Read more

Related

Google unveils Oreo-flavoured Android

Google acquires AIMatter to advance AI ambitions

YouTube seeks sharing boost with chat feature
Apps

Tags

Featured Content

Feature: MWC Shanghai 2017 Day 2 highlights

Interview: Ulf Ewaldsson, Ericsson

Feature: MWC Shanghai 2017 Day 1 highlights

Follow Mobile World Live

Get Our Newsletter

About Us| Sales & sponsorship| Meet the team| Legal| Terms of use| Contact Us

© 2017 GSM Association. The GSMA, Mobile World Live, Mobile World Congress, and Mobile World Congress Shanghai terms and logos are trademarks of the GSM Association