Despite Apple, Google, and other multi-billion dollar tech companies spending oodles of cash on very smart people to help them keep their users safe online, the tug-of-war between them and the underbelly of the Internet continues unabated.
Today, Buzzfeed News reported on their own investigation deep into a network of well over 100 Android apps that are apparently leveraging a system of bots and shell companies to bilk advertisers out of potentially hundreds of millions of dollars. A spreadsheet on Google Docs contains the names of all the apps and their developers who are said to be involved in this massive scheme.
According to Buzzfeed, there are two main components to getting the con to work: The fraudsters must own the app in question, and they must be using bots to simulate human interaction within the app. These bots produce the clicks on ads that appear in the app, and advertisers pay for these clicks -- without ever knowing that they're fraudulent and will never lead to a sale. Well, at least until now.
Click fraud is a problem that Google has dealt with in its own ad network for years, usually with success, but it appears that ne'er-do-wells have found another avenue to funnel money into their pockets under false pretenses.
Buzzfeed estimates that the 125 apps in question have been downloaded over 115 million times, and many of them integrate Google's own ad exchange, meaning that Google was unknowingly pulled into this scheme on multiple fronts.
FOLLOW Download.com on Twitter for all the latest app news.
A fraud protection company named Pixalate first detected the signs of this scheme over the summer, and its CTO Amin Bandeali told Buzzfeed, "App stores, perhaps unwittingly, are providing a gateway to connecting fraudsters with [advertising] inventory buyers and sellers. While the stores present customer reviews, download numbers and other 'quality' metrics, they offer minimal services that vet the business practices, technology and relationships of the app companies."
Buzzfeed identifies a company called Fly Apps in connection with this situation, after researching domain records, corporate registrations, "and other publicly available information." This data led it to a man named Omer Anatot, who appears to be Fly Apps' co-owner, but he has strenuously denied any involvement.
Instead, he blamed the bot problem on an ad exchange called AdNet Express, suggesting that it must have used the bots to download apps and falsely pump up their numbers.
As for AdNet Express, its existence is shadowy at best. Buzzfeed was unable to definitively identify its personnel, and its minimal means of contact was created by a service that generates fake email addresses.
Due to the depth of this campaign and how much it cost advertisers, this story may be the first step in a longer narrative about Android app security, the dark side of AI that simulates human activity, and the ease with which mobile app ownership can be consolidated behind the scenes.
- Buzzfeed News reports that it has uncovered a massive network of Android apps that are using bots to fake clicks on ads, likely costing advertisers hundreds of millions.
- Google has dealt with click fraud before, in the context of ads displayed on websites, but this app-based fraud apparently opens up a new and unexpected front on this method of thievery.
- Apple launches privacy education hub to help iPhone and Mac users with personal data security
- 50 million Facebook accounts got hacked, and Facebook doesn't appear to know why
- Magecart hacker group caught stealing credit cards from popular online shopping plugin
- Hackers, trolls and the fight over your vote in the 2018 midterm elections (CNET)
- Fraudulent shopping domain certificate issuance outstrips legitimate businesses (ZDNet)
- Why that email from your boss could be a scam waiting to happen (TechRepublic)