A few days ago, Google removed popular Cheetah Mobile and Kika Tech apps from its Play Store following a BuzzFeed investigation, which discovered that the apps were engaging in ad fraud. Today, as a result of Google’s ongoing investigation into the situation, it has discovered three malicious ad network that were being used to conduct ad fraud in these apps. The company is now emailing developers who have these SDKs installed in their apps and demanding their removal. Otherwise, the developers’ apps will be pulled from Google Play, as well.
To be clear, the developers with the SDKs (software development kits) installed aren’t necessarily aware of the SDKs’ malicious nature. In fact, most are likely not, Google says.
Google shared this news in a blog post, but it didn’t name the SDKs that were involved in the ad fraud scheme. It has been learned the ad network SDKs in question are AltaMob, BatMobi and YeahMobi.
Google didn’t share the scale to which these SDKs are being used in Android apps, but based on Google’s blog post, it appears to be taking this situation seriously - which points to the potential scale of this abuse.
“If an app violates our Google Play Developer policies, we take action,” wrote Dave Kleidermacher, VP, Head of Security & Privacy, Android & Play, in the post. “That’s why we began our own independent investigation after we received reports of apps on Google Play accused of conducting app install attribution abuse by falsely claiming credit for newly installed apps to collect the download bounty from that app’s developer,” he said.
The developers will have a short grace period to remove the SDKs from their apps.
The original BuzzFeed report found that eight apps with a total of 2 billion downloads from Cheetah Mobile and Kika Tech had been exploiting user permissions as part of an ad fraud scheme, according to research from app analytics and research firm Kochava, which was shared with BuzzFeed.
Following the report, Cheetah Mobile apps Battery Doctor and CM Launcher were removed by Cheetah itself. The company additionally issued a press release aimed at reassuring investors that the removal of CM File Manager wouldn’t impact its revenue. It also said it was in discussions with Google to resolve the issues.
As of today, Google’s investigation into these apps is not fully resolved.
But it pulled two apps from Google Play on Monday - Cheetah Mobile’s File Manager and the Kika Keyboard. The apps, the report had said, contained code that was used for ad fraud — specifically, ad fraud techniques known as click injection and click flooding.
The apps were engaging in app install attribution abuse, which refers to a means of falsely claiming credit for a newly installed app in order to collect the download bounty from the app developer. The three SDKs that Google is now banishing were found to be falsely crediting app installs by creating false clicks.
Combined, the two companies had hundreds of millions of active users, and the two apps that were removed had a combined 250 million installs.
In addition to removing the two apps from Google Play, Google also kicked them out of its AdMob mobile advertising network.
With Cheetah’s voluntary removal of two apps and Google’s booting of two more, a total of four of the eight apps that were conducting ad fraud are now gone from the Google Play store. When Google’s investigation wraps, the other four may be removed as well.
Even more apps could be removed in the future, too, given that Google is demanding that developers now remove the malicious SDKs. Those who fail to comply will get the boot too.
“We will continue to investigate and improve our capabilities to better detect and protect against abusive behavior and the malicious actors behind them,” said Kleidermacher.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
