Protection against Igexin Advertising Network

A Chinese advertising software development kit (SDK) called Igexin is back in the news that has the capability of spying on victims through otherwise benign apps by downloading malicious plugins.

Symantec has reported similar issues with this SDK already early 2015. Although they stated one of the features as “Download and execute external components in the host application”, they only classified it with a low risk impact.

Anyway, Appicaptor ever since has blacklisted all analyzed apps containing this SDK, based on its generic standard policy.

Analyses of our database have shown that the Google Play Store still contains apps utilizing this SDK with the functionality for remote code execution. Therefore, Appicaptor now also individually recognizes and blacklists the Igexin SDK, based on the intrusive design and the complete loss of trust.

New App Model: Security App

Appicaptor has been enhanced with a new app model, which is named Security App. Security apps are supposed to improve or evaluate the overall security of a smartphone. For this monitoring of operating system and apps, security apps need to have critical permissions. These permissions require a very high security quality level to prevent attackers from exploiting the permissions through implementation flaws. Therefore Appicaptor rates flaws in these apps stronger than in other app models.

On the other hand, in case of no other flaws, the required permissions are not rated negativly by Appicaptor because they are required for this type of app.

Examples of security apps are:

  • Virus Scanners
  • App Lockers
  • Lockscreen Apps
  • Permission Examination Apps
  • Find My Phone Apps
  • Secret Folder Apps