Monday, April 21, 2025
HomeAdwareGoogle Banned An App Developer whose Apps Installed 500 Million Times Followed...

Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign

Published on

SIEM as a Service

Follow Us on Google News

Google has taken action against Chinese Android developer and banned from play store for committing ad fraud and canceling the app ownership.

DO Global, a company that owned 46 apps from Google playstore has been completely removed and their apps no longer offer ad inventory for purchase via Google’s AdMob network.

DO claims to have more than 250 million monthly active users and its ad platform serving over 800 million users through its ad platform.

- Advertisement - Google News

Before all these fraudulent apps removed from apps store, DO Global had roughly 100 apps in the Play store with over 600 million installs.

According to buzzfeednews Report, “Google removed those six apps, and claimed its internal systems had also flagged most of them for removal. Another 40 DO apps disappeared from the Play store this week, including 20 using the Do Global Games developer name, and 14 listed under Applecheer Studio.”

This action was taken by Google followed by on the biggest previous ad fraud campaign that committed by Chinese developers Cheetah Mobile and Kika Tech.

In the previous report, Eight most famous Andriod apps that downloaded more than 2 billion times from Google play store committing biggest ad fraud in the history that could have stolen millions of dollars by exploiting the user’s permissions.

The Android apps including Clean MasterCM File ManagerCM Launcher 3DSecurity MasterBattery DoctorCM Locker, Cheetah Keyboard, and these all apps are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange and another app Kika Keyboard, owned byKika Tech, a Chinese company now headquartered in Silicon Valley.

Both companies claim more than 700 million active users per month for their Android mobile apps.

All these eight well-known apps tracked and proved it’s fraudulent activity by Kochava that committing ad fraud when users downloaded new apps in which, Cheetah and Kika apps claim the credit for the download reward and this ad fraud activity referred as click flooding and click injection.

How does it works

New app developers used to pay for their app installations when users click and download their app that typically ranges from 50 cents to $3 to partners such as the publisher of the app, ad severing network often called this process as App install attribution.

Once the app finally opened, the app performs an operation called“lookback” in order to check where the last click came from and it performs the attribution accordingly to provide the installation credit. Refer to the below image.

Here the twist, Cheetah and Kika apps are playing a game to abuse this attribution system and their 7 apps always claim the “Last click” and gain the publisher credit and earned the millions of dollars.

In order to achieve this task, seven Cheetah apps that require users to give them permission to see when new apps are downloaded and to launch other apps.

According to buzzfeednews Report, “The Cheetah apps listen for when a user downloads a new app. As soon as a new download is detected, the Cheetah app looks for active install bounties available for the app in question. It then sends off clicks that contain the relevant app attribution information to ensure Cheetah wins the bounty — even though it had nothing to do with the app being downloaded. This is referred to as click injection.”

“Apart from this, Cheetah’s apps also programmed to launch the newly downloaded app without the user’s knowledge that helps to increase the odds that it will receive credit for the app install, as the bounty is only paid when a user opens a new app,” Grant Simmons, the head of client analytics for Kochava said.

Another App Kika Keyboard performing different operation to execute both click flooding and click injection. 

During the process of installation, Kika Keyboard requires users to give it permission to see what’s being typed and the way it listens for any Play store searches and looking for the installation credits offer for apps related to those searches.

Two of Cheetah Mobile’s apps, CM Locker and Battery Doctor, were removed from the Google Play store. Soon of this report published “temporarily removed Battery Doctor and CM Locker from the Google Play Store on our own initiative.” But they denied providing information about why it’s been removed from the Google play store.

In this case, DO Global released a statement after reading the reports about our apps, we immediately conducted an internal investigation on this matter. We regret to find irregularities in some of our products’ use of AdMob advertisements. Given this, we fully understand and accept Google’s decision.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Infostealer Attacks Surge 84% Weekly Through Phishing Emails

The volume of infostealer malware distributed through phishing emails has surged by 84% week-on-week...

North Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote Jobs

A division of Palo Alto Networks, have revealed a sophisticated scheme by North Korean...

New Phishing Technique Hides Weaponized HTML Files Within SVG Images

Cybersecurity experts have observed an alarming increase in the use of SVG (Scalable Vector...

Detecting And Blocking DNS Tunneling Techniques Using Network Analytics

DNS tunneling is a covert technique that cybercriminals use to bypass traditional network security...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...

43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers

A comprehensive study by zLabs, the research team at Zimperium, has found that over...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...