Security News
Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires application to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data using the Apple device identifier.
Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.
Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.
Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store. Snyk says it has only identified the malicious behavior in iOS versions of the Mintegral advertising SDK; the code does not appear to be present in Android versions.
According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK. SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral's servers.
Verimatrix announced new protection for Bitcode-enabled iOS applications. Publishing an app to Apple's App Store with Bitcode enabled allows Apple to optimize the app's code for each target device.
Check out a developer's picks of 10 essential iOS apps, which focus on security, productivity, and more. Over the past 13 years, as iPhones and iPads have become fixtures in more users' lives, the number of apps and the Apple App Store ecosystem have expanded to offer services and apps that iOS users rely on each day.
Apple has released a fresh batch of software security updates for its flagship devices. For iOS and iPadOS the 13.6 update includes fixes for 29 CVE-listed vulnerabilities, 10 involving arbitrary code execution.
Microsoft's social-media-for-suits tentacle, LinkedIn, has attracted legal fire for allegedly peering at the clipboard of iOS devices. As well as doubtless making the podcast app a bit worse, the upcoming version of Apple's mobile OS also features a bunch of privacy features, including a notification telling the user when an app is reading from the device's clipboard.
Configure your iOS Lock Screen to block those picking up your device from reading messages, viewing the Today View, or interacting with Siri unless your device is unlocked first. We spend a lot of time on our mobile iOS devices and it may seem that securing our devices with Touch ID and Face ID is all we need to protect our data.