Categories
News Tech

VidMate WARNING: Report Shows The App Drains Battery, Charges Users and Exposes Personal Information

Vidmate has been installed by over 5 million users until now, lured by the promises of offline streaming. With the app, Android users could download any video from YouTube, Vimeo, and other platforms like WhatsApp, Facebook, Twitter, and so on. While it was a great service, offering users with a low or unreliable internet connection, users that had an expensive data plan a way to stream videos on mobile phones. The popular video downloading app was developed by a subsidiary of UC Web (which is owned by the Chinese tech giant Alibaba) and got very popular in Asian countries, like India.

Upstream’s Secure-D Reported VidMate as Being a Dangerous App

However, the service came with a high cost that users had no idea they were paying. According to security searchers at a mobile tech firm from London, called Upstream, VidMate had a suspicious activity. At the Upstream Secure-D security lab, researchers unveiled the suspicious activity at VidMate in their report:

“A hidden component within the app delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects personal users’ information. Consequently, it depletes users’ data allowance and brings unwanted charges.”

The app is not available in Google Play Store but can be downloaded as an APK from various sources.

The CEO of Upstream, Guy Krief, said that whoever downloaded and opened VidMate, has surrendered “control of their phone and personal information to a third party,” adding that while users cannot see the ads displayed, the “phone and its connection become part of a botnet and are used to commit ad fraud, at the expense of its owner … and his privacy.”

The app also requests suspicious permissions, such as:

  • allows the app to create windows on top of others
  • allows the app to install and download other unknown apps without asking or notifying the user
  • allows the app to read and write system settings
  • allows the app to access the user’s device log files, which contain sensitive information.

Delete VidMate to Protect Your Privacy, Data, and Money

The Upstream report urges users to delete VidMate to remedy the issues of battery drainage, charges of premium content without the users’ knowledge, data usage and privacy breach, adding that installing apps from outside Google Play Store is dangerous:

“VidMate is a reminder of the serious dangers of installing software from sources other than the official Google Play Store. The financial and privacy risks of letting misleading and abusive apps onto your device are simply not worth it.”

Here’s a short video from Upstream on VidMate’s suspicious activity:

A VidMate spokesperson was interviewed by BuzzFeed and stated that the app has no such knowledge of the suspicious activity, but they will investigate it. The spokesperson used the name Jiatao Chen and didn’t provide basic information of the funders and executives of the app, refusing to confirm his name or title. However, he stated:

“No only do we not program such practices into our core app, we have a zero-tolerance policy because it is in VidMate’s interest to protect our users against such detrimental practices.”

Chen also added that they are investigating the issue and VidMate has terminated the relationship with a partner (Nonolive) that was included in the Upstream report.

VidMate Spokesperson about Mango’s SDK: “Vidmate will terminate relationship with and blacklist this company”

The suspicious activity began with Vidmate installing a software development kit from Mango, which loaded the hidden ads and signed up users to premium services. The activity would take place when users didn’t use their phones. One spokesperson from VidMate stated that if the “SDK really is performing ad fraud, Vidmate will terminate relationship with and blacklist this company.”

UCWeb and VidMate responded to BuzzFeed News, with a UCWeb spokesperson saying that the app and trademark were sold to a start-up called Guangzhou Nemo Fish Technology Co., in 2018 and that they are not involved in Vidmate’s operations, but have maintained a business collaboration.

VidMate’s Suspicious Activity Started Long Before It Was Sold to the Start-up

The issues with VidMate were first revealed by Upstream when the company began providing security services to mobile carriers in some developing countries, and Krief found that VidMate “was number one in terms of block attempts over the past six months” compared to other apps monitored by Upstream. Guy Krief stated that Upstream saw and blocked suspicious transactions from VidMate before UCWeb sold VidMate:

“We saw some first small volumes of suspicious transaction requests in October 2017 and it progressively ramped up until April 2018 when it then started being at a different scale.”

As a response, the UCWeb spokesperson stated in an email that they could not respond to these accusations until they see the data and all the details, adding that Upstream didn’t contact them to give them the information.

Keep your personal information safe and use trustworthy apps that you can find on Google Play Store. Alternatively, use the Lite versions of social media apps to save data.

Categories
Tech

Apple Will Demand All App Store Apps To Link To Privacy Policies

Apple notified App Store apps developers to place links to their privacy policies, as shown by 9to5Mac. Until now Apple required that only for those subscription-based apps, but with this new decision, Apple extended this guideline to all App Store apps.

However, it’s not explicitly stated if the already-launched apps’ devs have to add links to privacy policy, but they should do it as soon as they release new updates. On the other hand, according to 9to5Mac, the developers must tell users how and what data the apps gather, as well as how the data is going to be used. The devs also have to detail how users unsubscribe and/or delete their private data.

The new guidelines will come in place on October 3rd, and Apple stated that the already-existing apps on the App Store that don’t show a privacy policy link are not obliged to add one until they roll out an update after October 3rd. Otherwise, apps that won’t comply with the new rules would be removed.

Apple adopts new privacy policy guidelines for App Store apps due to the recent issues regarding private data leaks

With all that Cambridge Analytica and Facebook scandal that emerged in March and the adoption of the GDPR across the European Union, protecting users’ private data has become crucial for developers and tech companies.

In order to avoid any possible issues, Apple adopted this new regulation regarding privacy and is now forcing App Store apps to add links to their devs privacy policies that explain to users what data the apps collect and how the information is used. However, Apple is not demanding this from already-existing apps if they don’t add new updates.

As mentioned, the new guidelines regarding privacy policies for the new App Store apps will come into effect on October 3rd.

Exit mobile version