Igexin use their advertising SDK to siphon user data back to their servers in China

Not all apps using the Igexin SDK were found to be collecting data, but they all had the potential to do it. (Source: Pixabay)

Igexin, the developer of an advertising software kit, has been caught collecting user data and sending it back to servers in China. Their kit was used in 500 legitimate applications and used the permissions granted to those apps to collect data such as call logs. Google has disabled the compromised applications while the developers replace the advertising APIs.

Craig Ward, Published 08/23/2017

In 2016, the Chinese firmware developer 'Adups' was caught inserting malicious code into firmware delivered to devices such as those by BLU and the B&N Nook. Now, in 2017, malware researchers from 'Lookout' have found that a software development kit (SDK) by Ixegin for inserting advertising was collecting user data and reporting it back to Igexin servers in China.

The researchers noticed that malware was being found on newly reset phones after they had made contact with Igexin's servers. The SDK was used in around 500 legitimate applications, several of which had over one million downloads and one had over 50 million downloads. Igexin was using the permissions granted to these apps to execute malicious commands designed to collect a range of data such as call logs, as well as silently downloading and running malicious code.

The researchers notified Google, who responded by disabling the compromised applications while developers issue updates using an alternative advertising SDK. None of the compromised applications have been identified since the app developers weren't aware of the malicious code, but the list of affected applications includes games, weather apps, photo editors, internet radio and more.

Source(s)

Bleeping Computer

Honey Quest uses technology to target ads based on the user's viewing habits. (Source: NY Times)

Android games found tracking users' TV viewing habits 01/01/2018

Lock screen advertising on Android (Source: Android Police)

Google Play removes most apps with lock screen ads 11/30/2017

Does that budget smartphone actually use both cameras on the back? (Image: Mrwhosetheboss, YouTube)

Dual-camera dupe: some smartphones with dual-camera setups only have one camera enabled 09/06/2017

Google Nexus 6P flagship and others receive August 2017 Android security patches

Google's August Android security patch now available for Nexus and Pixel devices 08/08/2017

Virus infections are relatively rare on Android, but the risk increases when the user allows side loading of apk files. (Source: gfkDSGN/Pixabay)

Android antivirus software relatively easy to beat 07/24/2017

The malware came pre-installed on various Android devices, including some Samsung phones

Severe malware infection discovered in 38 Android device models 03/10/2017

Loading Comments

Comment on this article

Samsung Bixby finally available wor...

New leak shows off Samsung Gear Fit...

Craig Ward - Tech Writer - 397 articles published on Notebookcheck since 2017

I grew up in a family surrounded by technology, starting with my father loading up games for me on a Commodore 64, and later on a 486. In the late 90's and early 00's I started learning how to tinker with Windows, while also playing around with Linux distributions, both of which gave me an interest for learning how to make software do what you want it to do, and modifying settings that aren't normally user accessible. After this I started building my own computers, and tearing laptops apart, which gave me an insight into hardware and how it works in a complete system. Now keeping up with the latest in hardware and software news is a passion of mine.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2017 08 > Igexin use their advertising SDK to siphon user data back to their servers in China

Craig Ward, 2017-08-23 (Update: 2017-08-24)

Igexin use their advertising SDK to siphon user data back to their servers in China

Source(s)

Related Articles