Categories
News Tech

VidMate WARNING: Report Shows The App Drains Battery, Charges Users and Exposes Personal Information

Vidmate has been installed by over 5 million users until now, lured by the promises of offline streaming. With the app, Android users could download any video from YouTube, Vimeo, and other platforms like WhatsApp, Facebook, Twitter, and so on. While it was a great service, offering users with a low or unreliable internet connection, users that had an expensive data plan a way to stream videos on mobile phones. The popular video downloading app was developed by a subsidiary of UC Web (which is owned by the Chinese tech giant Alibaba) and got very popular in Asian countries, like India.

Upstream’s Secure-D Reported VidMate as Being a Dangerous App

However, the service came with a high cost that users had no idea they were paying. According to security searchers at a mobile tech firm from London, called Upstream, VidMate had a suspicious activity. At the Upstream Secure-D security lab, researchers unveiled the suspicious activity at VidMate in their report:

“A hidden component within the app delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects personal users’ information. Consequently, it depletes users’ data allowance and brings unwanted charges.”

The app is not available in Google Play Store but can be downloaded as an APK from various sources.

The CEO of Upstream, Guy Krief, said that whoever downloaded and opened VidMate, has surrendered “control of their phone and personal information to a third party,” adding that while users cannot see the ads displayed, the “phone and its connection become part of a botnet and are used to commit ad fraud, at the expense of its owner … and his privacy.”

The app also requests suspicious permissions, such as:

  • allows the app to create windows on top of others
  • allows the app to install and download other unknown apps without asking or notifying the user
  • allows the app to read and write system settings
  • allows the app to access the user’s device log files, which contain sensitive information.

Delete VidMate to Protect Your Privacy, Data, and Money

The Upstream report urges users to delete VidMate to remedy the issues of battery drainage, charges of premium content without the users’ knowledge, data usage and privacy breach, adding that installing apps from outside Google Play Store is dangerous:

“VidMate is a reminder of the serious dangers of installing software from sources other than the official Google Play Store. The financial and privacy risks of letting misleading and abusive apps onto your device are simply not worth it.”

Here’s a short video from Upstream on VidMate’s suspicious activity:

A VidMate spokesperson was interviewed by BuzzFeed and stated that the app has no such knowledge of the suspicious activity, but they will investigate it. The spokesperson used the name Jiatao Chen and didn’t provide basic information of the funders and executives of the app, refusing to confirm his name or title. However, he stated:

“No only do we not program such practices into our core app, we have a zero-tolerance policy because it is in VidMate’s interest to protect our users against such detrimental practices.”

Chen also added that they are investigating the issue and VidMate has terminated the relationship with a partner (Nonolive) that was included in the Upstream report.

VidMate Spokesperson about Mango’s SDK: “Vidmate will terminate relationship with and blacklist this company”

The suspicious activity began with Vidmate installing a software development kit from Mango, which loaded the hidden ads and signed up users to premium services. The activity would take place when users didn’t use their phones. One spokesperson from VidMate stated that if the “SDK really is performing ad fraud, Vidmate will terminate relationship with and blacklist this company.”

UCWeb and VidMate responded to BuzzFeed News, with a UCWeb spokesperson saying that the app and trademark were sold to a start-up called Guangzhou Nemo Fish Technology Co., in 2018 and that they are not involved in Vidmate’s operations, but have maintained a business collaboration.

VidMate’s Suspicious Activity Started Long Before It Was Sold to the Start-up

The issues with VidMate were first revealed by Upstream when the company began providing security services to mobile carriers in some developing countries, and Krief found that VidMate “was number one in terms of block attempts over the past six months” compared to other apps monitored by Upstream. Guy Krief stated that Upstream saw and blocked suspicious transactions from VidMate before UCWeb sold VidMate:

“We saw some first small volumes of suspicious transaction requests in October 2017 and it progressively ramped up until April 2018 when it then started being at a different scale.”

As a response, the UCWeb spokesperson stated in an email that they could not respond to these accusations until they see the data and all the details, adding that Upstream didn’t contact them to give them the information.

Keep your personal information safe and use trustworthy apps that you can find on Google Play Store. Alternatively, use the Lite versions of social media apps to save data.

Categories
Tech

Alphabet Shuts Down Google Plus Due To Private Data Leak

Alphabet Inc will eliminate the consumer version of its erroneous social network Google Plus, and made its data sharing policies stricter, as they announced yesterday that a private data leak affecting at least 500,000 people happened. According to the announcement, several hundred external developers accessed users’ data.

In a review posted by Google on its official blog, the giant Internet company announced that no developer exploited the vulnerability or misused data. Also, according to the Wall Street Journal, Google did not reveal its security issues because it feared regulatory scrutiny.

Google did not want a comparison with Facebook

Google, the renowned Internet giant, feared of people comparing it with Facebook which was involved in a private data leak scandal along with Cambridge Analytica. According to the Wall Street Journal, Sundar Pichai, the Google chief executive, was briefed on this problem, but Google offered no official statement.

“Users have the right to be notified if their information could have been compromised. This is a direct result of the scrutiny that Facebook dealt with regarding the Cambridge Analytica scandal,” explained Jacob Lehmann, the Managing Director at the legal firm Friedman CyZen.

Google Plus and its version for businesses

Google launched its Google Plus social network in 2011 in a movement to compete with Facebook which, back then, became the world’s first social media platform.

Google Plus adopted Facebook’s status updates and news feeds, while it also allowed people to organize groups of friends into what the Internet giant called “circles.” However, Facebook implemented many features in comparison with Google Plus. Furthermore, the Google Plus bug found this Monday exposed users to a private data leak, such as name, email address, occupation, gender, and age, as reported by Google.

The Google Plus for enterprises would remain valid, while the Google company would implement new features to forbid private data leak.

Exit mobile version