Google has taken action against Chinese Android developer and banned from play store for committing ad fraud and canceling the app ownership.

DO Global, a company that owned 46 apps from Google playstore has been completely removed and their apps no longer offer ad inventory for purchase via Google’s AdMob network.

DO claims to have more than 250 million monthly active users and its ad platform serving over 800 million users through its ad platform.

Before all these fraudulent apps removed from apps store, DO Global had roughly 100 apps in the Play store with over 600 million installs.

According to buzzfeednews Report, “Google removed those six apps, and claimed its internal systems had also flagged most of them for removal. Another 40 DO apps disappeared from the Play store this week, including 20 using the Do Global Games developer name, and 14 listed under Applecheer Studio.”

This action was taken by Google followed by on the biggest previous ad fraud campaign that committed by Chinese developers Cheetah Mobile and Kika Tech.

In the previous report, Eight most famous Andriod apps that downloaded more than 2 billion times from Google play store committing biggest ad fraud in the history that could have stolen millions of dollars by exploiting the user’s permissions.

The Android apps including Clean MasterCM File ManagerCM Launcher 3DSecurity MasterBattery DoctorCM Locker, Cheetah Keyboard, and these all apps are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange and another app Kika Keyboard, owned byKika Tech, a Chinese company now headquartered in Silicon Valley.

Both companies claim more than 700 million active users per month for their Android mobile apps.

All these eight well-known apps tracked and proved it’s fraudulent activity by Kochava that committing ad fraud when users downloaded new apps in which, Cheetah and Kika apps claim the credit for the download reward and this ad fraud activity referred as click flooding and click injection.

How does it works

New app developers used to pay for their app installations when users click and download their app that typically ranges from 50 cents to $3 to partners such as the publisher of the app, ad severing network often called this process as App install attribution.

Once the app finally opened, the app performs an operation called“lookback” in order to check where the last click came from and it performs the attribution accordingly to provide the installation credit. Refer to the below image.

Here the twist, Cheetah and Kika apps are playing a game to abuse this attribution system and their 7 apps always claim the “Last click” and gain the publisher credit and earned the millions of dollars.

In order to achieve this task, seven Cheetah apps that require users to give them permission to see when new apps are downloaded and to launch other apps.

According to buzzfeednews Report, “The Cheetah apps listen for when a user downloads a new app. As soon as a new download is detected, the Cheetah app looks for active install bounties available for the app in question. It then sends off clicks that contain the relevant app attribution information to ensure Cheetah wins the bounty — even though it had nothing to do with the app being downloaded. This is referred to as click injection.”

“Apart from this, Cheetah’s apps also programmed to launch the newly downloaded app without the user’s knowledge that helps to increase the odds that it will receive credit for the app install, as the bounty is only paid when a user opens a new app,” Grant Simmons, the head of client analytics for Kochava said.

Another App Kika Keyboard performing different operation to execute both click flooding and click injection. 

During the process of installation, Kika Keyboard requires users to give it permission to see what’s being typed and the way it listens for any Play store searches and looking for the installation credits offer for apps related to those searches.

Two of Cheetah Mobile’s apps, CM Locker and Battery Doctor, were removed from the Google Play store. Soon of this report published “temporarily removed Battery Doctor and CM Locker from the Google Play Store on our own initiative.” But they denied providing information about why it’s been removed from the Google play store.

In this case, DO Global released a statement after reading the reports about our apps, we immediately conducted an internal investigation on this matter. We regret to find irregularities in some of our products’ use of AdMob advertisements. Given this, we fully understand and accept Google’s decision.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Leave a Reply