Security News

A severe security vulnerability in a popular video calling software development kit could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "Temi" personal robot.

Apps that tracked and sold people's whereabouts were more prevalent than perhaps first thought. A report out today has identified 450 Android apps downloaded 1.7 billion times that used SDKs to track the location of smartphones.

Neurotechnology announced the release of the SentiVeillance 8.0 software development kit. With SentiVeillance SDK, developers can create identification solutions that use live video streams from digital surveillance cameras or video files.

Zoom also unveiled a public beta for OnZoom, an online events platform and marketplace for paid Zoom users who want to create, host and monetize classes, concerts or fundraisers via the Zoom Meetings platform. The first Zapps will be distributed in the Zoom experience by the end of year and open to developers soon afterward, according to a Zoom blog.

Okta further extended its Okta Devices Platform Service capabilities to developers through the Okta Devices SDK. Using the Okta Devices SDK, developers can enable passwordless authentication through branded push notifications with biometric capabilities, minimizing friction for end-users and increasing security posture. "This dynamic landscape has placed an extra emphasis on today's modern businesses to be relevant across every device. The Devices SDK takes the customizability and security of the Okta Identity Cloud and puts it in the hands of developers everywhere."

Single sign on provider Okta is opening its platform to third-party developers with a new Okta Devices SDK and an accompanying API that it said will allow developers to "Leverage the power of Okta Verify to build customized, secure, and seamless login experiences for their customers." Announced at Okta Showcase 2020, the new SDK was built for a mobile-first world that Okta said requires organizations to constantly deliver new bespoke and custom-tailored experiences for customers.

With the new Mobile SDK, TeamViewer offers a solution that ensures exactly that: if the smartphone user leaves the app to be supported, the screen contents on the support employee's side are greyed out. The SDK contains a collection of programming tools and libraries that allow developers to integrate the remote support functions of TeamViewer into their app as a white label solution - without much programming effort.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.

Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store. Snyk says it has only identified the malicious behavior in iOS versions of the Mintegral advertising SDK; the code does not appear to be present in Android versions.