Apps installed on millions of Android phones tracked user behavior to execute a multimillion-dollar ad fraud scheme

“In total, the apps identified by BuzzFeed News have been installed on Android phones more than 115 million times, according to data from analytics service AppBrain. Most are games, but others include a flashlight app, a selfie app, and a healthy eating app. One app connected to the scheme, EverythingMe, has been installed more than 20 million times,” Craig Silverman reports for BuzzFeed News. “Once acquired, the apps continue to be maintained in order to keep real users happy and create the appearance of a thriving audience that serves as a cover for the cloned fake traffic. The apps are also spread among multiple shell companies to distribute earnings and conceal the size of the operation.”
“The revelation of this scheme shows just how deeply fraud is embedded in the digital advertising ecosystem, the vast sums being stolen from brands, and the overall failure of the industry to stop it,” Silverman reports. “App metrics firm AppsFlyer estimated that between $700 million and $800 million was stolen from mobile apps alone in the first quarter of this year, a 30% increase over the previous year. Pixalate’s latest analysis of in-app fraud found that 23% of all ad impressions in mobile apps are in some way fraudulent. Overall, Juniper Research estimates $19 billion will be stolen this year by digital ad fraudsters, but others believe the actual figure could be three times that.”
“This scheme’s focus on Android apps also exposes the presence of fraud, malware, and other risks affecting Google’s mobile ecosystem and the users who rely on it. Experts say a scheme like this targets Android in part because of its huge user base, and because the Google Play store has a less rigorous app review process than Apple’s App Store. Android apps are bought and sold, injected with malicious code, repurposed without users’ or Google’s knowledge, or, as in this case, turned into engines of fraud,” Silverman reports. “Google told BuzzFeed News it quickly removes any apps that violate Play store policies and that last year it took down more than 700,000 apps that were in violation. It also emphasized its commitment to fighting ad fraud by implementing standards such as ads.txt.”
“To identify key beneficiaries of this scheme, BuzzFeed News analyzed corporate registration records, domain ownership and Domain Name System data, Play store listings, and other publicly available information,” Silverman reports. “It revealed that the network of apps and websites is linked to Fly Apps, a Maltese company with multiple connections to the scheme.”
Tons more in the full article – recommended – here.
MacDailyNews Take: In effect, Google’s insecure platform leads to defrauding Google’s ad networks, along with many other, smaller non-Google ad networks. Karmic.
Hopefully, reports such as these help ferret out and eliminate theses criminals who are defrauding advertisers!
More info about ads.txt via Wikipedia here.
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]