Categories
News Tech

VidMate WARNING: Report Shows The App Drains Battery, Charges Users and Exposes Personal Information

Vidmate has been installed by over 5 million users until now, lured by the promises of offline streaming. With the app, Android users could download any video from YouTube, Vimeo, and other platforms like WhatsApp, Facebook, Twitter, and so on. While it was a great service, offering users with a low or unreliable internet connection, users that had an expensive data plan a way to stream videos on mobile phones. The popular video downloading app was developed by a subsidiary of UC Web (which is owned by the Chinese tech giant Alibaba) and got very popular in Asian countries, like India.

Upstream’s Secure-D Reported VidMate as Being a Dangerous App

However, the service came with a high cost that users had no idea they were paying. According to security searchers at a mobile tech firm from London, called Upstream, VidMate had a suspicious activity. At the Upstream Secure-D security lab, researchers unveiled the suspicious activity at VidMate in their report:

“A hidden component within the app delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects personal users’ information. Consequently, it depletes users’ data allowance and brings unwanted charges.”

The app is not available in Google Play Store but can be downloaded as an APK from various sources.

The CEO of Upstream, Guy Krief, said that whoever downloaded and opened VidMate, has surrendered “control of their phone and personal information to a third party,” adding that while users cannot see the ads displayed, the “phone and its connection become part of a botnet and are used to commit ad fraud, at the expense of its owner … and his privacy.”

The app also requests suspicious permissions, such as:

  • allows the app to create windows on top of others
  • allows the app to install and download other unknown apps without asking or notifying the user
  • allows the app to read and write system settings
  • allows the app to access the user’s device log files, which contain sensitive information.

Delete VidMate to Protect Your Privacy, Data, and Money

The Upstream report urges users to delete VidMate to remedy the issues of battery drainage, charges of premium content without the users’ knowledge, data usage and privacy breach, adding that installing apps from outside Google Play Store is dangerous:

“VidMate is a reminder of the serious dangers of installing software from sources other than the official Google Play Store. The financial and privacy risks of letting misleading and abusive apps onto your device are simply not worth it.”

Here’s a short video from Upstream on VidMate’s suspicious activity:

A VidMate spokesperson was interviewed by BuzzFeed and stated that the app has no such knowledge of the suspicious activity, but they will investigate it. The spokesperson used the name Jiatao Chen and didn’t provide basic information of the funders and executives of the app, refusing to confirm his name or title. However, he stated:

“No only do we not program such practices into our core app, we have a zero-tolerance policy because it is in VidMate’s interest to protect our users against such detrimental practices.”

Chen also added that they are investigating the issue and VidMate has terminated the relationship with a partner (Nonolive) that was included in the Upstream report.

VidMate Spokesperson about Mango’s SDK: “Vidmate will terminate relationship with and blacklist this company”

The suspicious activity began with Vidmate installing a software development kit from Mango, which loaded the hidden ads and signed up users to premium services. The activity would take place when users didn’t use their phones. One spokesperson from VidMate stated that if the “SDK really is performing ad fraud, Vidmate will terminate relationship with and blacklist this company.”

UCWeb and VidMate responded to BuzzFeed News, with a UCWeb spokesperson saying that the app and trademark were sold to a start-up called Guangzhou Nemo Fish Technology Co., in 2018 and that they are not involved in Vidmate’s operations, but have maintained a business collaboration.

VidMate’s Suspicious Activity Started Long Before It Was Sold to the Start-up

The issues with VidMate were first revealed by Upstream when the company began providing security services to mobile carriers in some developing countries, and Krief found that VidMate “was number one in terms of block attempts over the past six months” compared to other apps monitored by Upstream. Guy Krief stated that Upstream saw and blocked suspicious transactions from VidMate before UCWeb sold VidMate:

“We saw some first small volumes of suspicious transaction requests in October 2017 and it progressively ramped up until April 2018 when it then started being at a different scale.”

As a response, the UCWeb spokesperson stated in an email that they could not respond to these accusations until they see the data and all the details, adding that Upstream didn’t contact them to give them the information.

Keep your personal information safe and use trustworthy apps that you can find on Google Play Store. Alternatively, use the Lite versions of social media apps to save data.

Categories
Tech

Dangerous Android Apps on Google Play Store Can Steal Your Money

Android is the most popular mobile OS for smartphones, but that doesn’t mean that every app which is compatible with Android is safe. Even more concerning is that there are some dangerous Android apps on Google Play Store that can steal your money, according to a recent ESET report.

As reported by ESET, several cybercriminals managed to bypass Google Play Store’s security measures and upload dozens of apps packed with malware that can steal your money on Google’s Android apps store. According to ESET, these apps come as device cleaners, horoscope apps, and battery optimizers.

What more concerning regarding these malicious apps is that they are designed to send and receive SMS to and from the infected smartphones, which can bypass the two-factor authentication methods and grant access for the cybercriminals to internet banking apps or other private applications. Besides, the infected apps can download additional programs and ‘clone’ any other application that is already installed on the infected smartphones.

Dangerous Android Apps on Google Play Store Can Steal Your Money

“Fortunately, these particular banking Trojans do not employ advanced tricks to ensure their persistence on affected devices. Therefore, if you suspect you have installed any of these apps, you can simply uninstall them under Settings > (General) > Application manager/Apps,” ESET stated.

“We also advise you to check your bank account for suspicious transactions and consider changing your internet banking password/PIN code,” the IT security experts of ESET added.

According to ESET, we can avoid installing such malicious apps by only downloading Play Protect-verified apps from Google Play Store, having a trustworthy anti-malware software up and running on our devices, and always installing the latest Android security patches as soon as they roll out. In addition to all that, we shouldn’t install suspicious applications, including horoscope apps, unknown device cleaners, or low-profile battery optimizers, and we must only rely on apps with plenty of reviews and from trustworthy developers.

Exit mobile version