A Chinese advertising software development kit (SDK) called Igexin is back in the news that has the capability of spying on victims through otherwise benign apps by downloading malicious plugins.
Symantec has reported similar issues with this SDK already early 2015. Although they stated one of the features as “Download and execute external components in the host application”, they only classified it with a low risk impact.
Anyway, Appicaptor ever since has blacklisted all analyzed apps containing this SDK, based on its generic standard policy.
Analyses of our database have shown that the Google Play Store still contains apps utilizing this SDK with the functionality for remote code execution. Therefore, Appicaptor now also individually recognizes and blacklists the Igexin SDK, based on the intrusive design and the complete loss of trust.