Secure-D exposes suspicious Android app with 500 million downloads

Upstream’s security platform blocks 130 million suspicious mobile transactions initiated by popular Android video downloader VidMate hijacks mobile devices, eats up data, incurs unwanted charges & collects personal user info, potentially affecting over half a billion users London, May 20th, 2019  – Upstream, a leading mobile technology company, has unveiled that the popular Android application VidMate triggers suspicious background activity. Hidden software within the app delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects personal users’ information. Consequently, it depletes users’ data allowance and brings unwanted charges. With over 500 million downloads reported, VidMate is a popular Android application for streaming and downloading videos and songs from services such as Dailymotion, Vimeo, and YouTube. It is not available in the Google Play Store but is distributed through third-party app stores like CNET or Uptodown. According to publicly available information, VidMate was developed by a subsidiary of UC Web, which is owned by Chinese conglomerate Alibaba. Over a recent period Upstream’s security platform, Secure-D, detected and blocked nearly 130 million suspicious mobile transactions initiated by VidMate. These transactions originated from close to 5 million unique mobile devices across 15 countries. If not blocked, they would have subscribed users to premium digital services potentially costing them up to $170m in unwanted charges.

Guy Krief, CEO of Upstream, commented: “Mobile advertising is a multi-billion dollar industry on the rise and a very fertile ground for fraud. The VidMate example, whereby a single app is responsible for 130 million suspicious transaction attempts over a few months, is cause for great concern. The growing sophistication of disguised malware calls for an ever more vigilant approach. In the fight against digital fraud ongoing technological innovation is key”.
Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait. These are countries where digital payments via mobile airtime are common and often the only way to make financial transactions, as most people are unbanked. The Secure-D lab tests also revealed that VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month. That could add up to users paying $100 a year in mobile data charges. In markets such as Brazil, this represents nearly half a month’s work paid at minimum wage. Finally, the Secure-D investigation found that -at the time of the investigation- VidMate collected personal user information, such as International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI) or IP address, and transferred them to servers in Singapore, belonging to Nonolive, a China-based company funded by Alibaba, according to publicly available information.
“VidMate is only one case. Secure-D detects more than 170 new malicious apps every day”, added Krief. “While mobile fraud is mostly targeting advertisers, it also affects consumers greatly; Eats up their data allowance, brings unwanted charges, messes with the performance of their device, targets and collects user personal data. It is an epidemic calling for increased mobile security that urgently needs to rise up in the industry’s priority list”.
For the full report on the investigation & further resources please click here Upstream has worked with BuzzFeed News to bring this story to light. You can read their write-up here ### For more information please contact: Upstream Corporate Communications Ε: [email protected] P: +30210 6618532 +30210 6618507]]>

Disclaimer: The views and opinions expressed in this article/press release are those of the authors and do not necessarily reflect the approved policy or position of the GSMA or its subsidiaries.

Contact the GSMA

Please get in touch if you need more information or have any queries about anything you see on our website.

Contact us