Friday, June 14, 2024

Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign

Google has taken action against Chinese Android developer and banned from play store for committing ad fraud and canceling the app ownership.

DO Global, a company that owned 46 apps from Google playstore has been completely removed and their apps no longer offer ad inventory for purchase via Google’s AdMob network.

DO claims to have more than 250 million monthly active users and its ad platform serving over 800 million users through its ad platform.

Before all these fraudulent apps removed from apps store, DO Global had roughly 100 apps in the Play store with over 600 million installs.

According to buzzfeednews Report, “Google removed those six apps, and claimed its internal systems had also flagged most of them for removal. Another 40 DO apps disappeared from the Play store this week, including 20 using the Do Global Games developer name, and 14 listed under Applecheer Studio.”

This action was taken by Google followed by on the biggest previous ad fraud campaign that committed by Chinese developers Cheetah Mobile and Kika Tech.

In the previous report, Eight most famous Andriod apps that downloaded more than 2 billion times from Google play store committing biggest ad fraud in the history that could have stolen millions of dollars by exploiting the user’s permissions.

The Android apps including Clean MasterCM File ManagerCM Launcher 3DSecurity MasterBattery DoctorCM Locker, Cheetah Keyboard, and these all apps are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange and another app Kika Keyboard, owned byKika Tech, a Chinese company now headquartered in Silicon Valley.

Both companies claim more than 700 million active users per month for their Android mobile apps.

All these eight well-known apps tracked and proved it’s fraudulent activity by Kochava that committing ad fraud when users downloaded new apps in which, Cheetah and Kika apps claim the credit for the download reward and this ad fraud activity referred as click flooding and click injection.

How does it works

New app developers used to pay for their app installations when users click and download their app that typically ranges from 50 cents to $3 to partners such as the publisher of the app, ad severing network often called this process as App install attribution.

Once the app finally opened, the app performs an operation called“lookback” in order to check where the last click came from and it performs the attribution accordingly to provide the installation credit. Refer to the below image.

Here the twist, Cheetah and Kika apps are playing a game to abuse this attribution system and their 7 apps always claim the “Last click” and gain the publisher credit and earned the millions of dollars.

In order to achieve this task, seven Cheetah apps that require users to give them permission to see when new apps are downloaded and to launch other apps.

According to buzzfeednews Report, “The Cheetah apps listen for when a user downloads a new app. As soon as a new download is detected, the Cheetah app looks for active install bounties available for the app in question. It then sends off clicks that contain the relevant app attribution information to ensure Cheetah wins the bounty — even though it had nothing to do with the app being downloaded. This is referred to as click injection.”

“Apart from this, Cheetah’s apps also programmed to launch the newly downloaded app without the user’s knowledge that helps to increase the odds that it will receive credit for the app install, as the bounty is only paid when a user opens a new app,” Grant Simmons, the head of client analytics for Kochava said.

Another App Kika Keyboard performing different operation to execute both click flooding and click injection. 

During the process of installation, Kika Keyboard requires users to give it permission to see what’s being typed and the way it listens for any Play store searches and looking for the installation credits offer for apps related to those searches.

Two of Cheetah Mobile’s apps, CM Locker and Battery Doctor, were removed from the Google Play store. Soon of this report published “temporarily removed Battery Doctor and CM Locker from the Google Play Store on our own initiative.” But they denied providing information about why it’s been removed from the Google play store.

In this case, DO Global released a statement after reading the reports about our apps, we immediately conducted an internal investigation on this matter. We regret to find irregularities in some of our products’ use of AdMob advertisements. Given this, we fully understand and accept Google’s decision.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles