Popular App “Snaptube” Caught Leaking Data and Installing Malware

With the help of smartphone software, users can obtain video and audio files from numerous websites, including Facebook, Instagram, and YouTube. Snaptube is one such app, and it claims to have 40 million users. Although it may seem like a handy tool for downloading material, it carries a number of risks. This article explores some of these threats and how to stay safe when using video-downloading applications.

Last week, the Digital Security Helpdesk at SMEX received a case from someone whose device was behaving suspiciously. He found that a virus had made its way onto his device after he used Snaptube.

After investigating the case, the team found that the application is leaking data and installing malware, in addition to serving invisible ads and charging users for premium purchases they haven’t made!  

Experts at the security company Upstream in London claim that the app serves users invisible ads that run silently on the device without their knowledge, allowing the app maker to generate ad revenue at the expense of the user’s mobile data and battery power. The app also uses the same background click technique to rack up charges for premium purchases the user never requested.

Although the app can be downloaded for free, it can secretly sign users up for premium paid services without their knowledge. The method is known as “fleeceware” because although the app isn’t strictly malware, it can defraud you of money. This and other Android scams depend on the fact that the Google Play Store permits applications to regularly deduct funds from the associated credit or debit card.

Because the app has a free trial period, users may not remember using Snaptube by the time it begins billing. Android users can typically remove the app or stop trials like this before the subscription begins.

However, some users download these types of apps, use them a couple of times, and then totally forget they have them installed. According to claims, Snaptube made about $100 million (£78 million) by tricking unwary users.

The app’s creator, Mobiuspace, was questioned but claimed it is unaware of the problem. The company said that any issues with unauthorized charges would be caused by third-party software that Snaptube interacts with.

According to Upstream, the blame is on the third-party software development kit (SDK) code, known as Mango, embedded inside Snaptube’s app.

Below is a security test by ImmuniWeb, an AI tool that checks an app’s security, revealing tens of security risks!

According to the security test:

  • The application has no privacy policy.
  • The mobile application requests access to the following functionality options that may endanger user’s privacy under certain circumstances:
    • The mobile application can access external storage (e.g. SD card) in a write or read mode.
    • The mobile application can answer and place calls, or access/modify the phone state.
    • The mobile application has access to the geographical location of the mobile phone.
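
A helpdesk analyst can check the same three permission categories directly against an app's manifest. The script below is an added example, not part of the ImmuniWeb report or of SMEX's tooling. It assumes the manifest has already been decoded to text XML (for example with apktool); the mapping of the three findings to Android permission names, the `audit_manifest` function and the sample manifest are this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: mapping of the three findings above to Android permission names.
CATEGORIES = {
    "external storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
                         "MANAGE_EXTERNAL_STORAGE"},
    "calls / phone state": {"CALL_PHONE", "ANSWER_PHONE_CALLS",
                            "READ_PHONE_STATE", "MODIFY_PHONE_STATE"},
    "location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION",
                 "ACCESS_BACKGROUND_LOCATION"},
}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.downloader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                   android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


def audit_manifest(manifest_xml, device_sdk=33):
    """Return {category: [permissions]} requested on a device at device_sdk."""
    findings = {}
    for elem in ET.fromstring(manifest_xml):
        if elem.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        # <uses-permission-sdk-23> only takes effect on API level 23 and above.
        if elem.tag == "uses-permission-sdk-23" and device_sdk < 23:
            continue
        # android:maxSdkVersion drops the request on newer devices.
        max_sdk = elem.get(ANDROID_NS + "maxSdkVersion")
        if max_sdk is not None and device_sdk > int(max_sdk):
            continue
        prefix, _, short = elem.get(ANDROID_NS + "name", "").rpartition(".")
        if prefix != "android.permission":
            continue
        for category, perms in CATEGORIES.items():
            if short in perms:
                findings.setdefault(category, set()).add(short)
    return {c: sorted(p) for c, p in findings.items()}


if __name__ == "__main__":
    for category, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

The same app can request a different set of permissions depending on the device's Android version, which is why the check takes the API level as a parameter.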

In conclusion, while Snaptube may seem like a convenient way to download content from the internet, it comes with several potential threats. To stay safe when using such software:

  1. Only download applications from official sources, like Apple’s App Store and Android’s Google Play.
  2. Keep your device’s antivirus software up to date. 
  3. Always read reviews and user feedback before downloading any app to your device.
  4. Be sure to read the app’s privacy policy and terms of use before downloading it. 
  5. Consider using a virtual private network (VPN) to encrypt your internet connection and protect your privacy.
  6. Only download content that you have the rights to, or that is in the public domain, to avoid legal trouble.


Sally Rammal

Sally Rammal is currently the Digital Safety Officer at SMEX. She is a Computational Linguistic Engineer with solid experience in Automatic Natural Language Processing (NLP) and improving human-computer interaction. A member of SMEX's Digital Security Helpdesk team, she provides support to activists, journalists, and lawyers in matters of Digital Security.