More ad fraud from Android apps
November 26, 2018 8:21 AM   Subscribe

Eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars, according to research from Kochava, an app analytics and attribution company that detected the scheme and shared its findings with BuzzFeed News.

Seven of the apps Kochava found were engaging in this behavior are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange that last year was accused of fraudulent business practices by a short-seller investment firm — a charge Cheetah vigorously denied. The other app is owned by Kika Tech, a Chinese company now headquartered in Silicon Valley that received a significant investment from Cheetah in 2016. The companies claim more than 700 million active users per month for their mobile apps.

The allegations are the latest shock to a vast digital ad tech industry that remains dogged by a multibillion-dollar fraud problem and a mobile ecosystem rife with malicious ads and fraudulent practices. BuzzFeed News reported last month on an ad fraud scheme tracked user behavior in dozens of Android apps in order to generate fake traffic and steal advertisers’ money. Google estimated close to $10 million was stolen from it and its partners, and subsequently removed many of the apps from its Play store.
posted by Bella Donna (12 comments total) 6 users marked this as a favorite
Yeah, this always seemed like a disaster waiting to happen. So many of the ads in apps are so blatantly scammy even just at a glance, it was only a small extra step to them actually being active vectors for theft and fraud. Surprised it took this long, really.
posted by Anticipation Of A New Lover's Arrival, The at 8:25 AM on November 26, 2018 [8 favorites]

Paying someone to convince a customer to install your app always, always leads to bad behavior. Even relatively benign things Oracle bundling garbage toolbars with the Java installer are bad. But at least that'd disclosed and avoidable; many bundleware installers resort to dark patterns and dirty tricks to foist malware on your computer because they're getting paid $1-$5 per install to do it. And that's not even counting the various outright malware schemes and driveby downloads that get paid by "legitimate" companies like Ask to install their bullshit.

And so now we have software that doesn't even do the install, just sees if you installed it for some other reason and then tries to steal the referral bonus. It's kind of hilarious, really, if it weren't so awful.

Your personal phone should not be a battleground.
posted by Nelson at 8:33 AM on November 26, 2018 [6 favorites]

It'll be a battleground ala Tragedy of the Commons, or it'll be a walled garden. People, and businesses, just suck that way.
posted by seanmpuckett at 8:44 AM on November 26, 2018 [3 favorites]

From those, I only have Clean Master (although the Lite version), and it would have to take me more than this to uninstall it, because for some reason Google thinks that being ok with low-spec android devices doesn't mean they should also have a good system cleanup tool along their default apps. Used to have CCleaner until it started crashing on scan, and also, yeah.
Sometimes, trying to find an app is like walking on a minefield. You don't know if the app is heavily optimized for top-end devices and will struggle on budget devices, if it works, if it's a scam or if it's going to steal your data and mine crypto.
posted by lmfsilva at 8:56 AM on November 26, 2018 [1 favorite]

Meanwhile, the Supreme Court is weighing in on app store monopolies. Well, one in particular. I'm torn because Apple has zero interest in distributing GPL'd iOS apps, but the same avenue that would allow an F-Droid equivalent would also allow a fleet of less high minded app stores.
posted by pwnguin at 9:39 AM on November 26, 2018 [2 favorites]

heavily optimized for top-end devices

I think that can probably be more accurately described as "not optimized".
posted by flaterik at 10:00 AM on November 26, 2018 [13 favorites]

so this is like the modern twist of that scheme from Office Space?

I'm glad I purposely never click on any of the ads from the games I play, or at least not on purpose.
posted by numaner at 10:27 AM on November 26, 2018 [1 favorite]

Meanwhile, the Supreme Court is weighing in on app store monopolies.

That one is scary. I get the arguments on both sides, but the idea of Apple being forced to turn their App Store into a security minefield like Google's just doesn't make sense to me as a consumer. No one who screams about walled gardens has offered a workable security solution as a realistic alternative for consumers.
posted by Thorzdad at 10:35 AM on November 26, 2018 [4 favorites]

The adware, marketing, clickbait, scammy people scamming each other isn't an issue for me. Agree that the supreme court possibly opening the (mostly) secure Apple store to this kind of nonsense is scary tho.
posted by CrowGoat at 10:52 AM on November 26, 2018

the idea of Apple being forced to turn their App Store into a security minefield like Google's just doesn't make sense to me as a consumer

I don't think the exclusiveness of the App Store is under attack. It looks like the lawsuit is about the 30% fee, and maybe the inability to bring in apps outside the store. Apple might be able to avoid letting people sideload apps by removing some of the restrictions on the App Store instead of making iPhones vulnerable to problems from entirely non-vetted apps, but they don't want to do that either - they really don't want people to be able to use the Kindle app to buy books without paying Apple that 30% cut, or allow Steam game purchases.

Apple may be required to allow non-App Store apps, and tell people, "if you install outsider apps, your warranty is void."I don't know if that's easier for them to do than just opening the App Store; I don't know how hard it would be to allow self-installation of apps.
posted by ErisLordFreedom at 12:27 PM on November 26, 2018 [1 favorite]

bundleware installers

I consider these bumbleware installers. As in the products they push are almost always only installed by accident.

All that said even legit companies like Google have the potential to engage in massive fraud, even if it is just penny shaving on both sides of their advertising network.
posted by srboisvert at 12:59 PM on November 26, 2018 [2 favorites]

My in-laws finally got smartphones. Of course they went with the cheapest Android option they could find, whereas my wife and I have been on Apple devices forever.

My advice to them was “don’t install anything”. It was the easiest way to ensure they would have working phones. The horrors they put their computer through before I moved them to Linux... can’t imagine how borked their phones would be if they just started installing stuff willy-nilly.

(As a first foray into Android for me, setting up their phones was ... weird. It’s ALMOST intuitive, but then some things that are drop-dead easy on an iPhone were painful on the specific Android build they had. Good news is that this lack of discoverability also made it easy for me to hide the App Store from them!)
posted by caution live frogs at 5:15 AM on November 27, 2018 [1 favorite]

« Older Unemployment Is So Low Some People Have 2 or 3...   |   The Two Faces of Lummie Jenkins Newer »

This thread has been archived and is closed to new comments