Mintegral Controversy: Which Apps Use the Mintegral SDK?

The United States and China are engaged in a budding “Tech Cold War.” While 5G, Huawei, and TikTok dominated the early rounds, the latest controversy comes courtesy of Mintegral, a Chinese ad network accused by the US/UK-based security company Snyk of spying on user activity and committing ad fraud.

 

Before we go much further here, we should clarify something. Even if we assume Snyk’s accusations are legit (and they very well may not be), it’s quite possible that lumping them into the geopolitical tug-of-war playing out between the two largest economies in history is off base. Nevertheless, whenever user privacy comes into play, headlines are written.

 

That said, we at 42matters specialize in app and SDK data and analytics — meaning we know which apps have leveraged the Mintegral SDK. So, we figured we’d share some of the facts on the ground. In this piece we’ll address the following questions:

 

  • What are the allegations against Mintegral?
  • Are the allegations against Mintegral true?
  • Which apps use the Mintegral SDK?

 

 

Ready? Let’s begin!

 

 

What are the allegations against Mintegral?

 

First things first. What exactly is Snyk alleging? Here’s the relevant snippet from their release:
“The Snyk research team has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the App Store which represent over 300 Million downloads per month, based on industry expert estimates.”

 

A quick parenthetical here: Snyk estimates that the Mintegral SDK can be found in over 1,200 iOS apps. According to our data, it’s actually over 2,200 apps. More on this later…

 

In any case, Snyk’s release claims that the malicious code was uncovered in the iOS version of the Mintegral SDK and dates back to July 2019. They allege that the code is capable of spying on user activity — which may include personally identifiable information — by logging URL-based requests made through the app and saving them to a third-party server. Snyk also believes that the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the publisher of the application.

 

How does the alleged scam work? According to Snyk:

 

  • Developers download the Mintegral SDK from the Mintegral website and load it onto their iOS app. 
  • The SDK then injects code into standard iOS functions within the application. This code executes when the app opens a URL, including app store links, from within the app. 
  • This gives the SDK access to a significant amount of data, potentially even private user information.
  • The SDK also specifically examines these open URL events to determine if a competitor’s ad network SDK was the source of the activity.
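
A defensive check for the behaviour described in the list above, as an added example that is not code from Snyk, Mintegral or 42matters: in a debug build, a developer can ask the Objective-C runtime which binary image currently implements a URL-opening method and flag any implementation that no longer lives in an Apple system image. The audited selector, the helper names and the system-path heuristic are assumptions chosen for illustration.

```objc
// Added example: report URL-opening methods whose implementation has been
// replaced by code outside Apple's system images (for debug builds).
#import <UIKit/UIKit.h>
#import <objc/runtime.h>
#import <dlfcn.h>

// Path of the binary image holding the current implementation of -[cls sel],
// or nil if the class does not respond to the selector at all.
static NSString *ImagePathForMethod(Class cls, SEL sel) {
    Method m = class_getInstanceMethod(cls, sel);
    if (m == NULL) return nil;
    IMP imp = method_getImplementation(m);
    Dl_info info;
    if (dladdr((const void *)imp, &info) == 0 || info.dli_fname == NULL) {
        // Address is not inside any loaded image; treat as suspicious.
        return @"<unknown image>";
    }
    return [NSString stringWithUTF8String:info.dli_fname];
}

// Heuristic (assumption): system frameworks load from these locations,
// both on device and inside a simulator runtime root.
static BOOL IsSystemImage(NSString *path) {
    return [path containsString:@"/System/Library/"] ||
           [path containsString:@"/usr/lib/"];
}

// Returns one finding per audited method that is implemented by
// non-system code, for example an embedded third-party SDK.
NSArray<NSString *> *AuditURLOpenHooks(void) {
    // Assumed audit target; extend with other URL-handling methods as needed.
    NSArray<NSArray *> *targets = @[
        @[ [UIApplication class],
           NSStringFromSelector(@selector(openURL:options:completionHandler:)) ],
    ];
    NSMutableArray<NSString *> *findings = [NSMutableArray array];
    for (NSArray *t in targets) {
        Class cls = t[0];
        NSString *selName = t[1];
        NSString *path = ImagePathForMethod(cls, NSSelectorFromString(selName));
        if (path != nil && !IsSystemImage(path)) {
            [findings addObject:[NSString stringWithFormat:
                @"-[%@ %@] is implemented in %@",
                NSStringFromClass(cls), selName, path]];
        }
    }
    return findings;
}
```

Calling `AuditURLOpenHooks()` after all SDKs have initialised and logging the result shows which image, if any, has taken over the method; a statically linked SDK will appear as the app's own executable path.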

 

Snyk was unclear, however, about how this data was being used once it was uploaded to the logging server. Their belief is that this information provides important data about user activity, which can be sold to other parties for data analysis.

 

Are the allegations against Mintegral true?

While 42matters does provide a variety of SDK insights, verifying whether or not they’re malicious is not our current area of focus. In addition, we’re staunch believers in the presumption of innocence.

 

Nevertheless, it suffices to say, the folks over at Mintegral deny these assertions. In an August 25th rebuttal, the company insisted that they “take matters of privacy and fraud very seriously and are conducting a thorough analysis of these allegations and where they are coming from.”

 

In an email exchange with John Koetsier over at Forbes, Mintegral’s North American marketing manager said “our SDK collects information through a publicly available OS-level Apple API. We use this data to select the most relevant advertisement when our ad network is called to fill an ad request. This is a standard industry technique for the purpose of identifying the most appropriate ad for a user.”

 

For what it’s worth, Apple told Information Security Media Group that there's no evidence to suggest apps with the SDK are harming users. Nevertheless, they emphasized that app developers should be cautious when implementing any third-party code or SDKs into their apps due to potential privacy and security issues.

 

At this juncture, Apple has not taken any action against the SDK or the apps using it.

 

Which iOS apps use the Mintegral SDK?

 

While we’re in no position either to corroborate or dispute Snyk’s claims, we can tell you which iOS apps currently use the Mintegral SDK. Indeed, by leveraging the SDK intelligence feature of the 42matters Explorer, we found:

 

  • Some 2,295 published iOS apps have integrated the Mintegral SDK
  • Of these, 1,928 apps accounted for an estimated 557 million downloads in August 2020 alone

 

Based on our data, we believe these 20 apps to be the most popular ones that use the Mintegral SDK. In this case, we determined popularity by calculating the estimated total downloads for each app in August 2020:

 

1. Magic Tiles 3: Piano Game by Amanotes Pte. Ltd. 

2. Cube Surfer! by Voodoo 

3. Brain Wash! by SayGames LLC 

4. Tiles Hop - EDM Rush by Amanotes Pte. Ltd.

5. Tie Dye by Crazy Labs

6. Join Clash by Supersonic Studios Ltd

7. Beat Blade: Dash Dance by BattleCry HQ Studio 

8. Build Roads by Rollic Games

9. Braindom: Brain Games Test by Matchingham Games Limited

10. Color Roll 3D by Good Job Games

11. Wobble Man by Ohayoo

12. Stairway to Heaven! by Lion Games Entertainment

13. Office Life 3D by Good Job Games

14. Puppy Town by Smillage

15. Dancing Road: Color Ball Run! by Amanotes Pte. Ltd.

16. Jelly Fill by DualCat

17. Touchdown Master by Voodoo

18. I Can Paint by Crazy Labs

19. Solitaire by Zynga

20. Fun Race 3D by Good Job Games

 

What about Mintegral’s Android SDK?

 

There are currently no accusations against Mintegral’s Android SDK. Nevertheless, prudent developers and Ad Networks might want to keep a tab open on this until the issue is resolved. So, for our part, we’ll give you the basics:

 

  • Currently, 5,112 Android apps have integrated the Mintegral SDK
  • Of these, 4,373 have accounted for roughly 1.3 billion downloads in August 2020 alone
  • Moreover, the top 20 Mintegral-enabled Android apps, based on downloads, were downloaded 289 million times in the same time frame.

 

Bottom Line...

This story is far from over. While we can’t conclude whether Snyk’s claims are false or whether Mintegral is, in fact, committing fraud, we can nevertheless offer our technology as a way to monitor which apps use their SDK, or any other potentially malicious SDK. Indeed, in order to better understand the scope of such allegations, it’s critical for businesses to have the best possible data on hand.

 

Snyk, for instance, is a security company. They’re primarily concerned with helping their customers uncover malicious software — not obtaining app data. So, while their release cited that some 1,200 iOS apps were using the Mintegral SDK, our data suggests that it was closer to 2,200 apps. Moreover, while they estimated that these iOS apps were downloaded roughly 300 million times per month, we found that these apps amassed over 557 million downloads in August 2020 alone. In other words, they may have unearthed a far more dangerous thing than they realize!

 

Moreover, for Ad Networks, such scams are PR nightmares. No advertiser wants to pay for dummy clicks, so if it turns out their advertising partners are placing their ads on apps that use potentially pernicious SDKs, they’ll take their business elsewhere. As such, Ad Networks should use every tool at their disposal to identify risks as early as possible.  

 

Finally, it should be noted that the claims against Mintegral are in no way unprecedented. Ad fraud is a growing threat to the mobile app economy, with roughly $19 billion stolen in 2018. In fact, we’ve written extensively about this issue and how Ad Networks and other businesses can leverage our app data to fight back.

 

More App Market Insights from 42matters

At 42matters, we provide app and SDK data, insights, and analytics via a host of useful APIs, file dumps, and the 42matters Explorer. This includes:

 

  • Developer details
  • Download history by country
  • Top charts
  • Ratings, reviews, and rankings
  • Technical insights, including SDKs, permissions, and app-ads.txt.
  • Categories and IAB categories
  • And more

The 42matters Explorer is an app market research tool that offers a comprehensive look at app trends and statistics. This includes data on both iOS and Android apps. Moreover, our APIs facilitate programmatic access to app intelligence data from both Google Play and the Apple App Store, as well as the Amazon Appstore, Tencent Appstore, Apple TV App Store, Fire TV, and the Roku Channel Store.

 

To learn more about 42matters, schedule an appointment with one of our app market experts. We’ll walk you through everything.