In recent days, media outlets have reported on what appeared to be a malware problem with Snaptube, the Android app used to download videos online. Since we’re talking about the most downloaded app in the Uptodown catalog, we thought it would be appropriate to clarify the situation. Mobiuspace, the Chinese company that created Snaptube, published a press release stating that the problem was thoroughly solved in the app’s last update released this past August. Apparently, the problem was associated with the use of a third-party SDK that, after verifying that it performed illegal actions in the background, was removed from the app immediately. And as expected, all subsequent versions are completely clean.
The problem was detected by the Upstream Secure-D security platform, who explained the issue in detail in a recent article. Apparently, Mango SDK was showing ads in the background, hidden from the user, and performing fraudulent clicks to subscribe them to premium payment services. In order to clarify the situation, the company that developed the app released a statement. After analyzing the software, we can also say we corroborate such statement:
We recognize the malware issue around Snaptube app from the source of Upstream (https://ift.tt/2JcIK86). We are reaching out to provide further clarification. Recently, news broke out about suspicious activity in Snaptube, related to our collaboration with a third party known as Mango SDK, which allowed fraudulent ad practices that run against our beliefs and commitment with our users.
Since August 16th, the date we noticed the issue directly relate to this third party SDK, we took immediate actions and released an update which took Mango SDK off in the subsequent versions, as well as sent out notifications to all users to update to the latest version through in-app pushes and notifications.
In addition, there are many small channels & developers promote old versions of our apk or even counterfeit versions of Snaptube, which we could not regulate or control. We re-emphasized through various social media channels that the current versions downloaded from our official site (https://snaptube.com and https://snaptubeapp.com) and a few other main third party app stores (such as UptoDown & Aptoide) in which we personally maintained are covered in the update.
While we regret that the epidemic of the fraud activity may not get down to an absolute zero after multiple actions took to disassociate the SDK’s influence over existing users, partly may due to that SDK is running in the background of those users who haven’t yet updated.
We firmly believe in our core value of “create value for users”, and having SDKs that endangering our users are something we couldn’t tolerate ourselves. We’ve decided to take our step furthermore to offline all third party advertising SDKs to avoid further complications, we are also looking to take initiative to achieve potential collaboration with security monitoring company like Upstream to constantly monitor our app to prevent similar issues.
As was declared in the previous statement, we’re keeping Snaptube as part of the Uptodown catalog and continue to collaborate with its developers to keep the app updated with the latest version. In fact, we recommend that you always keep all your apps updated. And we take our advice one step further since our official native app lets you know when one of the apps you’ve installed has a new version available.
No comments:
Post a Comment