Unbeknown to the app developers, an advertising software kit contained code for stealing data from their products’ users.
More than 500 Android apps, collectively downloaded over 100 million times from the Google Play store, could have been used to secretly distribute spyware to users, thanks to a malicious advertising SDK (software development kit).
Mobile apps — especially free ones — commonly use advertising SDKs to deliver ads to their customers through existing advertising networks, thereby generating revenue.