By Christy McNee at

Are Your Android Apps Committing Fraud Behind Your Back?

Popular Android Apps Have Been Committing Ad Fraud Behind Users’ Backs

Eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars, according to research from Kochava, an app analytics and attribution company that detected the scheme and shared its findings with BuzzFeed News.

Seven of the apps Kochava found engaging in this behavior are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange that last year was accused of fraudulent business practices by a short-seller investment firm — a charge that Cheetah vigorously denied. The other app is owned by Kika Tech, a Chinese company now headquartered in Silicon Valley that received a significant investment from Cheetah in 2016. The companies claim more than 700 million active users per month for their mobile apps.

The allegations are the latest shock to a vast digital ad tech industry that remains dogged by a multibillion-dollar fraud problem and a mobile ecosystem rife with malicious ads and fraudulent practices. BuzzFeed News reported last month on an ad fraud scheme that tracked user behavior in dozens of Android apps to generate fake traffic and steal advertisers’ money. Google estimated close to $10 million was stolen from it and its partners, and subsequently removed many of the apps from its Play store.

How It Works

App developers often issue so-called bounties for third parties to help drive installations. If a user clicks on an ad for an app and then installs and opens it, the app’s developer will pay the ad network. The key is to know who should get credit for driving that installation, as the money needs to flow to the network that served the ad, as well as to the publisher of the app or website where the ad appeared, for example. This is the weakness in the system. App install attribution, as it’s called, is often not an exact science because it can be hard to definitively identify which ad led to the installation of an app on a specific phone.

To attribute the installation to the correct party, information about the device used to click on the ad and the network and publisher that served it is passed along with the app installation. When the app is finally opened, the app does a “lookback” to see where the last click came from and attribute the installation accordingly.

Kochava found that Cheetah and Kika apps are gaming this attribution system to ensure they’re awarded the last click. This is true even in cases when no ad was served and they played no role in the installation.

Normal Android App Installation ProcessClick Injection Android App Installation Process













Source:  Buzz Feed News


No Trackbacks


Display comments as Linear | Threaded

No comments

Leave A Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Submitted comments will be subject to moderation before being displayed.

About This Blog

This blog is a place to read about the latest news and activity going on at McNee Solutions