Friday, October 4, 2024
HomeAdwareGoogle Banned An App Developer whose Apps Installed 500 Million Times Followed...

Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign

Published on

Google has taken action against Chinese Android developer and banned from play store for committing ad fraud and canceling the app ownership.

DO Global, a company that owned 46 apps from Google playstore has been completely removed and their apps no longer offer ad inventory for purchase via Google’s AdMob network.

DO claims to have more than 250 million monthly active users and its ad platform serving over 800 million users through its ad platform.

- Advertisement - EHA

Before all these fraudulent apps removed from apps store, DO Global had roughly 100 apps in the Play store with over 600 million installs.

According to buzzfeednews Report, “Google removed those six apps, and claimed its internal systems had also flagged most of them for removal. Another 40 DO apps disappeared from the Play store this week, including 20 using the Do Global Games developer name, and 14 listed under Applecheer Studio.”

This action was taken by Google followed by on the biggest previous ad fraud campaign that committed by Chinese developers Cheetah Mobile and Kika Tech.

In the previous report, Eight most famous Andriod apps that downloaded more than 2 billion times from Google play store committing biggest ad fraud in the history that could have stolen millions of dollars by exploiting the user’s permissions.

The Android apps including Clean MasterCM File ManagerCM Launcher 3DSecurity MasterBattery DoctorCM Locker, Cheetah Keyboard, and these all apps are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange and another app Kika Keyboard, owned byKika Tech, a Chinese company now headquartered in Silicon Valley.

Both companies claim more than 700 million active users per month for their Android mobile apps.

All these eight well-known apps tracked and proved it’s fraudulent activity by Kochava that committing ad fraud when users downloaded new apps in which, Cheetah and Kika apps claim the credit for the download reward and this ad fraud activity referred as click flooding and click injection.

How does it works

New app developers used to pay for their app installations when users click and download their app that typically ranges from 50 cents to $3 to partners such as the publisher of the app, ad severing network often called this process as App install attribution.

Once the app finally opened, the app performs an operation called“lookback” in order to check where the last click came from and it performs the attribution accordingly to provide the installation credit. Refer to the below image.

Here the twist, Cheetah and Kika apps are playing a game to abuse this attribution system and their 7 apps always claim the “Last click” and gain the publisher credit and earned the millions of dollars.

In order to achieve this task, seven Cheetah apps that require users to give them permission to see when new apps are downloaded and to launch other apps.

According to buzzfeednews Report, “The Cheetah apps listen for when a user downloads a new app. As soon as a new download is detected, the Cheetah app looks for active install bounties available for the app in question. It then sends off clicks that contain the relevant app attribution information to ensure Cheetah wins the bounty — even though it had nothing to do with the app being downloaded. This is referred to as click injection.”

“Apart from this, Cheetah’s apps also programmed to launch the newly downloaded app without the user’s knowledge that helps to increase the odds that it will receive credit for the app install, as the bounty is only paid when a user opens a new app,” Grant Simmons, the head of client analytics for Kochava said.

Another App Kika Keyboard performing different operation to execute both click flooding and click injection. 

During the process of installation, Kika Keyboard requires users to give it permission to see what’s being typed and the way it listens for any Play store searches and looking for the installation credits offer for apps related to those searches.

Two of Cheetah Mobile’s apps, CM Locker and Battery Doctor, were removed from the Google Play store. Soon of this report published “temporarily removed Battery Doctor and CM Locker from the Google Play Store on our own initiative.” But they denied providing information about why it’s been removed from the Google play store.

In this case, DO Global released a statement after reading the reports about our apps, we immediately conducted an internal investigation on this matter. We regret to find irregularities in some of our products’ use of AdMob advertisements. Given this, we fully understand and accept Google’s decision.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...

New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component...

Chameleon Device-Takeover Malware Attacking IT Employees

Researchers have identified a new Chameleon campaign targeting hospitality employees, where the attackers employed...