Ads SDKs are causing Privacy Leak on Your Phone

You may have encountered the problem that your games and apps – which looks normal – has been identified as “high risk” by Trustlook antivirus. In this case, you need to check if they are genuine version from official Google Play, and upgraded to the newest version. Otherwise, those app might contain minor risk behavior that violates your privacy.

In this blog we’ll take the “Admogo” (http://www.adsmogo.com/) as an example, which is a famous Ads SDK emerged in China. They claimed to have more than 70k apps covered, with 1.1 billion requests per day. However, we found this SDK contains some code that may send your device IMEI number, location and phone number to the 3rd party servers, and might be use for commercial purpose.

Some well-known games and apps are also in the list (e.g. the old version 2.3.1 of “Don’t Tap The White Tile”, which now have 50m+ install on Google Play). They are malwares, but they do contain stealing behavior. To avoid installing these apps, we suggest you to get apps from Google Play, instead of from a less-known app markets or direct APK download.

Here’s some examples:

Package Name Still on Google Play? MD5
com.raesun.lovely.photo.frames No 0AE614389E861C562D77C9FB80A4B669
zhao.peng.you no 0BEE4547BE554C14D204520539264244
com.doirdfunia.photoartdroid no 0E9BAA19BBF60E8EFC41935C46AE5C79
cn.com.lw.fish no 05525E236F4C5EA5F7D7FB142F1BA171
com.doirdeditor.PhotoFunia no 10402A2E17DC14F23194EC414BECAE38
cn.bluesky.fourinalinekids yes
(newest version is clean)
0B8E1DECAC3EFE6FC5BA63D0EB655758
net.tomcoolz.android.livewallpaper no 0DB19A61974D31C5F813C0A4DAB2CB79
com.raesun.lovely.photo.frames no 0AE614389E861C562D77C9FB80A4B669
cn.chinabus.main yes 5CC96B42A91017184D04CD5F972CA2B4
com.umonistudio.tile yes
(newest version is clean)
EC0AA4AED20669BF68305D686CD94606
com.zjsj.chinachess yes
(newest version is clean)
07186A73DAF1ACD4E8DB9BBEC7F2FCD6
com.funny.camera no 0E31A11E26B4F3A0CCC11DB0A9BCE8E0

Screen Shot 2014-10-12 at 7.01.50 PM
Screen Shot 2014-10-12 at 7.02.01 PM

Detailed behavior in Admogo SDK:

Read personal information from your phone:
Get IMei:
Screen Shot 2014-10-10 at 5.53.20 PM

Get Phone Number:
Screen Shot 2014-10-10 at 5.45.07 PM

Get Location:
Screen Shot 2014-10-10 at 5.37.27 PM

Send Out Information:
Screen Shot 2014-10-10 at 5.26.57 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s