Snaptube - The New Fleeceware Application

We all know how popular Facebook, YouTube, and Instagram are. As of April 2020, these giant online platforms attracted billions of users, including 2.5 billion for Facebook alone.

All of them are different in their own way, but they have one thing in common: their videos are not downloadable. Users can’t download videos from these sites, but they can use certain software to get the job done.

When we speak of downloading videos, Snaptube is the first application that comes to mind. The app has around 40 million users, yet it’s been installed many more times than that.

However, if you’re an Android user, you might have missed the app, as it’s not available on the Google Play Store since the parent of YouTube doesn’t allow video downloaders.

This is actually a good thing, as we now turn to the unfortunate news. Apparently, the so-called free app, Snaptube, has been signing users up for premium services in the background (without them knowing) and harvesting their money. This is called “Fleeceware”, and we have all the information you need about it below.

Snaptube – What Goes Around in the Background

As we mentioned, Snaptube is an app that allows users to download videos and music from Facebook, Instagram, YouTube, and the like.

The app is developed by China-based Mobiuspace, which has various apps in Google Play Store’s library such as the very popular Lark Player.

However, Snaptube didn’t make it to Google Play Store as previously stated. Now, despite the app’s developer saying that Snaptube is “safe” to use, reports state that it’s completely the opposite.

According to Upstream – a security firm based in the UK – the app is manipulating user data and signing them up for premium services without them being aware of it.

Apparently, Snaptube bombards users with invisible ads that run silently on their Android devices without their consent or knowledge. Aside from generating revenue, which is how ads work, Snaptube uses the same process to charge users for purchases they never actually made.

Snaptube comes with a free trial, but it can also be used without signing up. A premium account basically adds some features and removes ads (visible ones at least).

If Android users do take out a subscription, it won’t be as easy to cancel as it is on Google Play. They might even forget they’ve subscribed to begin with. On the other hand, a lot of consumers download the app to use it only one or two times, which may lead them to forget that the app is on the device.

Such actions helped Snaptube make around $100 million (£78 million) by scamming unsuspecting users, which is definitely a great deal of money.

Technically speaking, the app itself is not malware. That’s why the security firm is calling it Fleeceware instead, as it can fleece you out of money.

Cracking the App

Based on what researchers found, it’s all about a third-party software development kit (SDK) that goes by the name of Mango.

According to Upstream, Secure-D experts used two Android devices that had Snaptube installed. They received subscription verification SMS messages on their devices.

In the image below, you can clearly see the confirmation message sent to the infected Samsung and Huawei mobiles:

If you look at the last message, it’s clearly an invitation to purchase a subscription to a new service, even though no user action has taken place. The researchers also captured and recorded all network traffic related to the Snaptube app.

Apparently, the software was communicating with a command and control (C&C) server in order to identify subscription services. After that, it attempted to subscribe the end-user to them. Finally, it encrypted the returned data using the gzip algorithm. Here’s what it looks like:

Mobiuspace addressed the issue and stated that they weren’t aware of the problem. After that, they sent out notifications to their users asking them to download the new update that does not contain the fleeceware.
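
The gzip step described above is something an analyst can check, because gzip is a keyless compression format. The following added example (not code from this article, Upstream, or Snaptube) shows how captured response bodies can be recognised and safely unpacked. The sample bodies, JSON fields and keyword watch-list are constructed assumptions, not the real traffic format.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"   # every gzip stream starts with these bytes (RFC 1952)
MAX_OUTPUT = 1 << 20       # never inflate more than 1 MiB from one body
# Assumed watch-list for billing-related traffic; tune it for your own capture.
KEYWORDS = (b"subscribe", b"subscription", b"msisdn")


def unwrap_gzip(body, limit=MAX_OUTPUT):
    """Return (status, data) for one captured response body.

    status: "plain" (no gzip header), "gzip" (fully decoded), "truncated"
    (stream cut short, partial data), "oversize" (limit hit) or "corrupt".
    """
    if not body.startswith(GZIP_MAGIC):
        return "plain", body
    inflater = zlib.decompressobj(31)   # 31 = expect gzip header and trailer
    try:
        data = inflater.decompress(body, limit)   # note: no key is needed
    except zlib.error:
        return "corrupt", b""
    if inflater.eof:
        return "gzip", data
    return ("oversize" if len(data) >= limit else "truncated"), data


def triage(bodies):
    """Decode each body and list the watch-list keywords found in it."""
    report = []
    for index, body in enumerate(bodies):
        status, data = unwrap_gzip(body)
        hits = sorted(k.decode() for k in KEYWORDS if k in data.lower())
        report.append((index, status, hits))
    return report


# Constructed sample bodies; the JSON fields are invented for illustration.
SAMPLE_BODIES = [
    gzip.compress(b'{"action":"subscribe","url":"http://billing.example/s1"}'),
    b'{"status":"ok"}',                                   # not compressed
    gzip.compress(b'{"msisdn":"000","plan":"x"}')[:-12],  # capture cut short
    GZIP_MAGIC + b"\xff" * 10,                            # bad header
    gzip.compress(b"\0" * (4 << 20)),                     # inflates to 4 MiB
]

if __name__ == "__main__":
    for row in triage(SAMPLE_BODIES):
        print(row)
```

The output cap matters when unpacking untrusted traffic: the last sample is only a few kilobytes on the wire but would expand to 4 MiB if inflated without a limit.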

Final Thoughts

This isn’t the first time Mango has been involved in such acts. A while ago, the popular file sharing and storage Android app 4shared hid suspicious background activities. It also generated fake views, clicks and purchases.

The best way to protect yourself from what such apps are doing is to not download them in the first place. If you have Snaptube now, uninstall it immediately. Some of you guys are not that keen on security and privacy protection. A lot of online sites like The VPN Guru offer tips and advice for anything online-related.