Blogs

Home Blogs Technology

Secure-D Exposes Suspicious Android App with 500 Million Downloads

3 weeks   ago  /  154

Upstream, a leading mobile technology company, has unveiled that the popular Android application VidMate triggers suspicious background activity. Hidden software within the app delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects personal users’ information. Consequently, it depletes users’ data allowance and brings unwanted charges.

With over 500 million downloads reported, VidMate is a popular Android application for streaming and downloading videos and songs from services such as Dailymotion, Vimeo, and YouTube. It is not available in the Google Play Store but is distributed through third-party app stores like CNET or Uptodown. According to publicly available information, VidMate was developed by a subsidiary of UC Web, which is owned by Chinese conglomerate Alibaba.

Over a recent period Upstream’s security platform, Secure-D, detected and blocked nearly 130 million suspicious mobile transactions initiated by VidMate. These transactions originated from close to 5 million unique mobile devices across 15 countries. If not blocked, they would have subscribed users to premium digital services potentially costing them up to $170m in unwanted charges.

Guy Krief, CEO of Upstream, commented: “Mobile advertising is a multi-billion dollar industry on the rise and a very fertile ground for fraud. The VidMate example, whereby a single app is responsible for 130 million suspicious transaction attempts over a few months, is cause for great concern. The growing sophistication of disguised malware calls for an ever more vigilant approach. In the fight against digital fraud ongoing technological innovation is key”.

Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait. These are countries where digital payments via mobile airtime are common and often the only way to make financial transactions, as most people are unbanked.

The Secure-D lab tests also revealed that VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month. That could add up to users paying $100 a year in mobile data charges. In markets such as Brazil, this represents nearly half a month’s work paid at minimum wage.

Finally, the Secure-D investigation found that -at the time of the investigation-1 VidMate collected personal user information, such as International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI) or IP address, and transferred them to servers in Singapore, belonging to Nonolive, a China-based company funded by Alibaba, among others, according to publicly available information.

“VidMate is only one case. Secure-D detects more than 170 new malicious apps every day”, added Krief. “While mobile fraud is mostly targeting advertisers, it also affects consumers greatly; Eats up their data allowance, brings unwanted charges, messes with the performance of their device, targets and collects user personal data. It is an epidemic calling for increased mobile security that urgently needs to rise up in the industry’s priority list”.

About Secure-D
Upstream’s security platform Secure-D combines machine learning algorithms with payment processing workflows to protect mobile operators and their subscribers against online transaction fraud and data depletion, caused by all types of malware and other online threats. In 2018 alone, Secure-D processed over 1.8 billion mobile transactions, detected and blocked over 63,000 malicious apps in 16 countries.

About Upstream
Upstream is a London based leading mobile technology company. Its pioneering product suite provides 1.2 billion people in developing countries with affordable and secure access to digital services on their mobile devices. Upstream’s Zero-D service provides free access to the internet essentials to 250 million mobile users in Latin America and Africa even when they have run out of data. Upstream works with over 60 mobile operators, across more than 45 high growth markets, leveraging their unique assets to boost and create new revenue streams in the data era.

Comments