CVE-2020-7744

Name of the Vulnerable Software and Affected Versions com.mintegral.msdk:alphab (affected versions not specified)

Description The Android SDK contains malicious functionality that tracks downloads from Google URLs, including file downloads, e-mail attachments, and Google Docs links, as well as all APK downloads. The module listens to download events in Android's download manager and detects if the downloaded file's URL contains google.com or comes from a Google app, or ends with .apk for APK downloads. The captured data is sent back to Mintegral's servers. This functionality runs even when the app is not in focus, i.e., in the background.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.