Security News > 2020 > August > Malicious Behavior Allegedly Found in Advertising SDK Used by 1,200 iOS Apps
Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store.
Snyk says it has only identified the malicious behavior in iOS versions of the Mintegral advertising SDK; the code does not appear to be present in Android versions.
According to Snyk, its researchers discovered what they described as malicious code in versions of the iOS SDK going back to 5.5.1.
Snyk says the SDK, which it has dubbed "SourMint," can allow Mintegral to steal revenue from other ad networks used by applications integrating the SDK. In addition to ad fraud, it allegedly harvests URLs accessed through applications that use the SDK - as well as other system and device information - which could provide the vendor access to highly sensitive information, as demonstrated by Snyk in a video.
UPDATE: Apple says it has spoken with the Snyk researchers to ensure that it's fully informed on the research, but the tech giant has found no evidence that apps using the Mintegral SDK are harming users.