An Android video app called Snaptube has been taking unauthorized premium purchases from its users and generating fraudulent ad clicks.
Snaptube lets its approximately 40 million users download videos from Facebook, YouTube and others, TechCrunch reported.
The app was made in China, and it’s not on the Google Play store because Google doesn’t allow video downloading apps.
Some analysts said Snaptube has over 1 billion downloads, and the developer of the app said it’s safe.
The security firm Upstream discovered the app is manipulating users for data. According to Upstream’s CEO Guy Krief, users of the app get invisible ads that run silently on their phones without their knowledge or consent.
The unseen ads help to generate revenue, and they use up battery power and mobile data. Snaptube uses the same method to charge users for purchases they never actually bought.
Krief said the only way a user would notice would be when the battery power on a phone decreases and user data usage goes up. Also, the phone could get warm for no reason.
A third-party software development kit (SDK) called Mango has been blamed for the bad behavior. The Mango SDK has also been used in the apps Vidmate and 4shared.
Upstream said Mango downloads more things than it is given permission for, from a central server that handles the fraudulent activity, and it hides that activity using clandestine actions.
When the news broke that Vidmate’s app was performing actions similar to Snaptube, Upstream said activity that was considered suspicious dropped right away for Snaptube.
“Our assumption back then was they’re probably also using similar code, and they went silent because of all the publicity,” Krief said.
However, the activity resumed two months later.
“We didn’t realize the Mango SDK was exercising advertising fraud activities, which brought us major loss in brand reputation,” Snaptube said. “After the user complained about the malicious behavior of the Mango SDK, we quickly responded and terminated all cooperations with them. The versions on our official site as well as our maintained distribution channels are free of this issue already.”