Tuesday, November 27, 2018

Eight Android apps with 2 billion+ downloads are committing ad click fraud

Offending apps include Clean Master, CM File Manager, Battery Doctor, and more.

Google's made considerable efforts over the years to reduce the amount of junk that pops up on the Play Store, but even with all of that hard work, some garbage still seeps through the cracks. On November 26, BuzzFeed News published a report outlining how eight Android apps on the Play Store are being used to commit click fraud with advertisements.

App analytics firm Kochava provided the details to BuzzFeed News, reporting that seven apps from Cheetah Mobile and one from Kika Tech "have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars."

This particular scheme exploits the fact that many app developers pay a fee, or bounty, that typically ranges from 50 cents to $3 to partners that help drive new installations of their apps. Kochava found that the Cheetah and Kika apps tracked when users downloaded new apps and used this data to inappropriately claim credit for having caused the download. The practice being executed by Cheetah and Kika is referred to as click flooding and click injection, and ensures these companies are rewarded an app-install bounty even when they played no role in an app's installation.

The offending apps and their respective downloads include the following:

  • Clean Master (1 billion downloads)
  • Security Master (540 million downloads)
  • CM Launcher 3D (225 million downloads)
  • Kika Keyboard (205 million downloads)
  • Battery Doctor (200 million downloads)
  • Cheetah Keyboard (105 million downloads)
  • CM Locker (105 million downloads)
  • CM File Manager (65 million downloads)

CM Locker and Battery Doctor were removed from the Google Play Store following BuzzFeed News's article, but all of the other ones are still available as per usual.

Kika and Cheetah Mobile have both tried to deny any wrongdoings on their part, with Kika claiming that malicious code was placed inside Kika Keyboard without its knowledge and Cheetah Mobile throwing the blame on third-party SDKs. However, Kochava isn't buying either of these excuses.

It's unclear at this time if Cheetah's other apps and Kika Keyboard will remain on the Play Store, but should anything change, we'll update this article accordingly.



from Android Central - Android Forums, News, Reviews, Help and Android Wallpapers https://ift.tt/2Qh519N
via IFTTT

No comments:

Post a Comment