Have you heard of the news? If you haven’t, it’s really important that you check this out especially if you have been using VidMate. With over half a billion download worldwide, the app has been detected with suspicious behavior for over a year now.
UpStream’s security lab, Secure-D system has been detecting millions of suspicious behaviors and many of them came from users who downloaded VidMate. These are what they found.
VidMate has been showing you ads on the background with Call-to-action buttons that will put you up for a subscription without your consent. “The code used was intentionally obfuscated,” Upstream findings declare. These ads are essentially invisible.
Secure-D has blocked 128 millions of suspicious transactions, but it’s no guarantee that they managed to block everything. The surge of number of transactions that happen suspiciously like this alarmed UpStream to dive into further investigation.
VidMate has also been detected to have a partnership with a 3rd party SDK, called Mango. This is the party that executes these suspicious hidden ads which was declared legit by the system, but completely invisible to the users.
Ad fraudulent was generally the main reason UpStream began their investigation. But as they dove further in, in March 2019, the system was also detecting mass information robbery performed by the app. The app was collecting user information such as IMEI (International Mobile Equipment Identity), IMSI (International Mobile Subscriber Identity, and IP address.
The information was acquired, without users’ consent, of course, and sent to Singapore-owned servers, called Nonolive. Nonolive is a video streaming platform that works similar to Twitch. It has over 10 million downloads on Google Playstore and is funded by Alibaba.
The app is also abusing users permission by installing applications behind your back. As VidMate is not available on Google Playstore, users might have granted permissions to installing foreign apps and allowing these aliens to invade as well.
It essentially commands the app to install without prompting you anything and gain access to your data. It is able to read and write sensitive information that you store within your smartphone, putting you at a high-level security risk.
These are probably the least things we worry about, but fortunately the main signs some users notice. Users were alerted with their smartphones behaving strangely, many noticed it was after they downloaded VidMate. While it seems like a free app and that your data might have been drained from downloading too many videos, but no.
VidMate might have downloading unknown apks behind you, stealing your information by uploading them to the server, and loading multiple hidden ads.