These apps were faking ad clicks and mistreating user data
An investigation conducted by Buzzfeed in collaboration with Check Point, Method Media Intelligence and ESET security firms found that six apps published by DU Global were clicking on in-app ads to generate revenue illegally and without the user’s knowledge. They also lied about their developer and country of origin, they don’t comply with GDPR regulation and ask for many dangerous permissions that the function is independent of. Combined, they have over 90 million downloads. Most third-party apps rely on little banner ads that sit at the bottom of an app, while others sometimes have five-second full-screen ads. Generally, these ads are provided by Google or third party’s ad services, which pays them a small amount for displaying the ad and a larger amount when a user clicks on the ad.
Security researchers dived in deep into Selfie Camera, which has over 50 million downloads. In addition to the ad fraud, they found that the app also committed ‘download fraud’ where the app monitored the other apps on the phone. When a new app was downloaded, Selfie Camera uploaded information about the app and claimed that they caused it to be downloaded, tricking developers into paying them. It also contains code designed to monitor battery, monitors the CPU and to view external websites.“We explicitly prohibit ad fraud and service abuse on Google Play. Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the features within the app,” Google told Buzzfeed. “If an app violates our policies, we take action that can include banning a developer from being able to publish on Play.”