Yesterday, Google issued a response to how it is handling the huge ad fraud after Buzzfeed News reported it to them last week. According to this report, almost 125 Android apps and websites were affected in this ad fraud. Many of these affected apps are targeted at kids or teens.
Buzzfeed News in their report said that application developers were being contacted by sketchy websites such as We Purchase Apps offering to buy their mobile applications. After acquiring these apps, they changed the details of the applications on Google Play Store.
These companies were part of a massive, sophisticated digital advertising fraud scheme. This fraud involved more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere.
This report also revealed that those using these apps were secretly tracked:
“A significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application."
Schemes like these are targeting Android applications because of its huge user base and also because Google Play Store has a less strict app review process as compared to Apple’s App Store. Android apps are bought by offering huge sums and sold, injected with malicious code, repurposed without users’ or Google’s knowledge, and are turned into engines of fraud.
As revealed by Buzzfeed News, the web-based traffic is generated by a botnet called TechSnab. This botnet is a small to medium-sized botnet that has existed for a few years.
These botnets create hidden browser windows that visit web pages to inflate ad revenue. The malware contains common IP based cloaking, data obfuscation, and anti-analysis defenses. The botnets directed traffic to a network of websites created specifically for this operation and monetized with Google and many third-party ad exchanges.
Based on the analysis of historical ads.txt crawl data, inventory from these websites was widely available throughout the advertising ecosystem. As many as 150 exchanges, supply-side platforms (SSPs) or networks may have sold this inventory. The botnet operators had hundreds of accounts across 88 different exchanges based on accounts listed with DIRECT status in their ads.txt files.
Buzzfeed News shared a list of apps and websites connected to the scheme with Google last week. Google investigated and found that dozens of apps used its mobile advertising network and confirmed in its post yesterday, the presence of a botnet driving traffic to websites and apps in the scheme.
One of Google’s Spokesperson told Buzzfeed News:
“We take seriously our responsibility to protect users and provide a great experience on Google Play. Our developer policies prohibit ad fraud and service abuse on our platform, and if an app violates our policies, we take action.”
In the past week, Google has removed apps involved in this ad fraud scheme, banning them from monetizing with Google. Additionally, they have blacklisted those apps and websites that are outside their ad network to ensure that advertisers using Display & Video 360 do not buy any of this traffic.
Google is taking the following steps to curb this ad fraud scheme:
To know more about Google’s steps towards these ad fraud schemes check out their official announcement. Also, read the full investigation report shared by the Buzzfeed News.
OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly?
Google Cloud’s Titan and Android Pie come together to secure users’ data on mobile devices
Google open sources Active Question Answering (ActiveQA), a Reinforcement Learning based Q&A system