Android fraud ring was stealing millions in fake ad revenueOctober 23, 2018
Over 125 Android apps and websites have been drawn into a massive fraud scheme that’s seen hundreds of millions of dollars in ad revenue stolen, according to an in-depth investigative report published by Buzzfeed News.
As Buzzfeed’s report details, the scam saw the fraudsters purchase legitimate, established applications from developers through a front company called “We Purchase Apps.” Those apps would see their ownerships transferred over to shell companies that would continue to manage the apps, while also analyzing user behavior and interactions with the apps.
That data would then be used to program a network of bots that would be directed toward the purchased apps, realistically spoofing user behavior using the real data, while helpfully masked by the legitimate users still interacting with the apps. This reaped millions of dollars in ad revenue from companies paying to advertise with in-app ad networks — including those ran by Google itself. It’s a clever system, one that relies on hiding fraudulent bot traffic in plain sight next to regular user data, making it harder for any anti-fraud system to detect it.
Buzzfeed News has already made Google aware of the scheme, and the company has begun to take action, noting in a separate blog post that it has removed several of the apps involved with the scheme from both the Play Store and its ad network, although some of the larger apps detailed by Buzzfeed’s report — including EverythingMe, an app with over 20 million installations — are still available on the Play Store. According to Google’s report, the company estimates that roughly $10 million had been stolen through fake views from advertisers through Google’s ad network alone.