The Secure Developer

Exposing The SourMint Scandal With Danny Grander



Many developers and publishers serve as unwitting vehicles for malware. Today we speak with Snyk co-founder and Chief Security Officer Danny Grander about SourMint, a malicious SDK that has been integrated into popular apps, seeing a total of 1.2 billion downloads per month. That was before it was exposed by the Snyk research team. We open our conversation by summarizing the scandal and unpacking what SourMint is, with details on how it tracks Android and iOS user behavior while allowing for remote command execution. We then dive into how Mintegral, the creators of the SDK, hid its behavior before exploring the range of apps affected by SourMint. After chatting about the role that Snyk plays in hunting for malicious code, Danny shares insights into how they discovered SourMint. We talk about SourMint’s victims and how we can assign responsibility to both developers and marketplace vendors. Near the end of the episode, we reflect on the challenge of protecting people who are using old versions of apps that still have the malicious SDK integrated into them. While the scale of SourMint’s reach seems unprecedented, it's a story that’s becoming increasingly common. Tune in to hear what we can do to protect ourselves from malicious code.


The Secure Developer, by Snyk
