Upstream,
a leading mobile technology company, has unveiled that the popular
Android application VidMate triggers suspicious background activity.
Hidden software within the app delivers invisible ads, generates fake
clicks and purchases, installs other suspicious apps without consent and
collects personal users’ information. Consequently, it depletes users’
data allowance and brings unwanted charges.
This press release features multimedia. View the full release here:
https://www.businesswire.com/news/home/20190522005501/en/
With over 500 million downloads reported, VidMate is a popular Android
application for streaming and downloading videos and songs from services
such as Dailymotion, Vimeo, and YouTube. It is not available in the
Google Play Store but is distributed through third-party app stores like
CNET or Uptodown. According to publicly available information, VidMate
was developed by a subsidiary of UC Web, which is owned by Chinese
conglomerate Alibaba.
Over a recent period Upstream’s security platform, Secure-D,
detected and blocked nearly 130 million suspicious mobile transactions
initiated by VidMate. These transactions originated from close to 5
million unique mobile devices across 15 countries. If not blocked, they
would have subscribed users to premium digital services potentially
costing them up to $170m in unwanted charges.
Guy Krief, CEO of Upstream, commented: “Mobile advertising is a
multi-billion dollar industry on the rise and a very fertile ground for
fraud. The VidMate example, whereby a single app is responsible for 130
million suspicious transaction attempts over a few months, is cause for
great concern. The growing sophistication of disguised malware calls for
an ever more vigilant approach. In the fight against digital fraud
ongoing technological innovation is key”.
Most of the suspicious activity, which is still ongoing, was largely
centered in 15 countries. 43 million of the suspicious transactions
flagged by Secure-D are coming from devices in Egypt, 27 million from
Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million
from South Africa. Among the top affected markets are also Ethiopia,
Nigeria, Malaysia and Kuwait. These are countries where digital payments
via mobile airtime are common and often the only way to make financial
transactions, as most people are unbanked.
The Secure-D lab tests also revealed that VidMate consumes battery life
and bandwidth, eating up more than 3GB of data per month. That could add
up to users paying $100 a year in mobile data charges. In markets such
as Brazil, this represents nearly half a month’s work paid at minimum
wage.
Finally, the Secure-D investigation found that -at the time of the
investigation-1 VidMate collected personal user information,
such as International Mobile Equipment Identity (IMEI), International
Mobile Subscriber Identity (IMSI) or IP address, and transferred them to
servers in Singapore, belonging to Nonolive, a China-based company
funded by Alibaba, among others, according to publicly available
information.
“VidMate is only one case. Secure-D detects more than 170 new
malicious apps every day”, added Krief. “While mobile fraud is
mostly targeting advertisers, it also affects consumers greatly; Eats up
their data allowance, brings unwanted charges, messes with the
performance of their device, targets and collects user personal data. It
is an epidemic calling for increased mobile security that urgently needs
to rise up in the industry’s priority list”.
For the full report on the investigation & further resources please click
here
-ENDS-
About Secure-D
Upstream’s security platform Secure-D
combines machine learning algorithms with payment processing workflows
to protect mobile operators and their subscribers against online
transaction fraud and data depletion, caused by all types of malware and
other online threats. In 2018 alone, Secure-D processed over 1.8 billion
mobile transactions, detected and blocked over 63,000 malicious apps in
16 countries.
About Upstream
Upstream
is a London based leading mobile technology company. Its pioneering
product suite provides 1.2 billion people in developing countries with
affordable and secure access to digital services on their mobile
devices. Upstream’s Zero-D service provides free access to the internet
essentials to 250 million mobile users in Latin America and Africa even
when they have run out of data. Upstream works with over 60 mobile
operators, across more than 45 high growth markets, leveraging their
unique assets to boost and create new revenue streams in the data era.
1 March 2019
View source version on businesswire.com: https://www.businesswire.com/news/home/20190522005501/en/