Android App With 50 Million Downloads is Probably a Phone Hijacker

• Upstream warns of an app called “VidMate”, which allegedly hijacks smartphones.
• The app is reported to download hidden ads, click on them, collect user data, and download more adware.
• During the past couple of months, the app attempted to carry out 130 million shady transactions.

As reported by Upstream researchers, a popular Android video downloader app called “VidMate” on various download channels or “Free Video Downloader” on the Play Store, is actually a smartphone hijacker. What the app does is to spend mobile data with extravagance, incur various charges, collect user data, and initiating hundreds of suspicious connections for data transmission. Running on the background without the user realizing it, the app fetches invisible ads and then clicks on them, generating revenue for its developers. Finally, it even downloads other apps without even asking for the user’s consent, which is obviously also adware/malware apps.

As the app is still available on the Google Play store, we decided to give it a spin on our testing device and check what goes on in the background. The app asked for local files access, and the first page looks like it’s got some ads which are not hidden at all. Apart from that, we noticed the fetching of an additional file upon launching the app for the second time, but our CPU and RAM usage monitoring didn’t reveal anything obviously suspicious.

The background internet data usage isn’t indicative of anything wrong either, and the battery use of the particular app was low so we cannot confirm Upstream’s claims. However, we have not tested the app extensively and did not use a SIM card and mobile data, but a WiFi connection instead. Normally, this shouldn’t make a difference, but we can’t tell for sure.

Upstream claims that their security platform, Secure-D, has detected and blocked around 130 million suspicious transaction attempts over the past few months, saving the users of 5 million mobile devices across 15 countries from $170 million of hidden charges induced by the background activity of the video-downloading app. According to Upstream’s report, VidMate wastes about 3 GB of network data each month, both for the hidden ad fetching and for the data collection and sending back to the server.

The countries that seem to be the most targeted are Egypt, Myanmar, Brazil, Qatar, South Africa, Ethiopia, Nigeria, Malaysia, and Kuwait. Considering the minimum wage in these countries and the cost of mobile data services, people may find themselves hugely damaged by an app that was supposed to help them download a Facebook, Instagram, Dailymotion, or Vimeo video.

Have you ever had an Android app experience like the one described by Upstream about VidMate? Share the details with us in the comments down below, and help us reach more people by sharing this post through our socials, on Facebook and Twitter.