Over 500 different Android apps that have been downloaded more than 100 million times from the official Google Play Store found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations.
Since 90 per cent of Android apps is free to download from Google Play Store, advertising is a key revenue source for app developers. For this, they integrate Android SDK Ads library in their apps, which usually does not affect an app’s core functionality.
But security researchers at mobile security firm Lookout have discovered a software development kit (SDK), dubbed Igexin, that has been found delivering spyware on Android devices.
Developed by a Chinese company to offer targeted advertising services to app developers, the rogue ‘Igexin’ advertising software was spotted in more than 500 apps on Google’s official marketplace, most of which included:
- Games targeted at teens with as many as 100 million downloads
- Weather apps with as many as 5 million downloads
- Photo editor apps with 5 Million downloads
- Internet radio app with 1 million downloads
- Other apps targeted at education, health and fitness, travel, and emoji
Chinese Advertising Firm Spying On Android Users
The Igexin SDK was designed for app developers to serve targeted advertisements to its users and generate revenue. To do so, the SDK also collects user data to help target interest-based ads.
Source: The Hacker News