Clean Master, CM File Manager, other popular Android apps reportedly committing ad fraud

“A total of eight apps, including the Clean Master, on Google Play store has been exploiting user permissions to steal millions of dollars”

Several popular apps on Google Play store have allegedly been found engaging in an ad fraud scheme. An app analytics firm has claimed that a number of Android apps developed by two Chinese developers – Cheetah Mobile and Kika Tech – have been exploiting user permissions to steal “millions of dollars”. The applications caught in the fraud include Clean Master, CM File Manager, and Kika keyboard among others, which reportedly have over 700 million monthly active users.

“The two firms have been misusing app permissions in order to monitor new downloads and then used the data to claim credit for having caused the download,” notes app analytics firm Kovhava in its report, shared with Buzzfeed News. The report further adds that the ad fraud scheme exploits the fact that a number of app developers pay a fee, or ‘bounty’, ranging from 50 cents (roughly Rs. 35) to $3 (roughly Rs. 200) to partners that help them get more installations of their apps.

Cheetah and Kika app developers have reportedly been keeping track of users downloading new apps and using the data to inappropriately claim credit for having caused the download. This fraudulent practice is called click flooding/ click injection and lets the companies get rewarded for every app installation despite no role in it.

Seven apps owned by Cheetah have been implicated. These include Clean Master, CM File Manager, CM Launcher 3D, Security Master, Battery Doctor, CM Locker, and Cheetah Keyboard. These Android apps have been downloaded more than 20 million times in the last 30 days, as per data from AppBrain analytical service. Google Play has itself promoted the CM Launcher 3D as one of the “go-to apps” for smartphone users.

The other app engaged in similar practice is Kika Keyboard. The app is said to be one of the most popular keyboards in the Play Store with over 60 million monthly users. Upon being about the fraud to Kika Tech CEO Bill Hu, said that the ad fraud took place “without the company’s full knowledge.”

He added that the company is internally investigating the issue and will “rectify the situation” in case “code has been placed inside our product”. Meanwhile, Cheetah Mobile also issued a statement to BuzzFeed News suggesting that third-party software development kits (SDKs) integrated into its apps were responsible for the click injection. “We request ads via SDK from these ad platforms and display their ads. We have no control over the behaviour of these SDKs,” the company was quoted as saying. However, Kochava as well as another analyst found Kika Tech’s proprietary software executes the click injection, not any third-party software.

Google told Buzzfeed News that it had not confirmed the presence of fraudulent tactics in the apps and instead sought more information from the two developers. On the other hand, Cheetah Mobile said it had voluntarily removed two of the apps – Battery Doctor and CM Locker Apps – from Google Play, though the former is already on back the App Store and the latter “will be re-launched very soon.”

from 91mobiles.com https://ift.tt/2SfcCmo
>