Several Apps Removed From Google Play Store After Ad Fraud Scheme Is Uncovered

Google has pulled several popular Android apps from the Google Play Store after the discovery of an ad fraud scheme on the apps.

The original report came from Buzzfeed News, who uncovered the fraud scheme the developers behind the apps were pulling. One of the developers identified in the scheme was DU Group, which had six of their apps pulled from the store as a result of the discoveries.

DU Group’s apps alone account for 90 million downloads on Android platforms, with their popular Selfie Camera app accounting for 50 million downloads.

Security and ad-fraud research firms Check Point and Method Media Intelligence explained that the apps contained code to help automatically generate revenue for the companies. The hidden code in the apps caused the apps to click on displayed ads without a user’s knowledge. The code would work even when the app wasn’t open, draining a user’s phone battery and using mobile data.

The apps also hid DU Group’s ownership of the apps, allowing the apps to gather data and send them back to China. This goes against Google’s developer policy, which doesn’t allow "apps or developer accounts that impersonate any person or organization, or that misrepresent or conceal their ownership or primary purpose ... or conceal their country of origin and that direct content at users in another country."

Privacy International also reviewed the privacy terms of the apps, finding that most were either confusing or inadequate, while raising questions about data sharing with third-party entities, including governments.

The firms were also able to identify two additional pieces of code that could be used fraud, as well.

Buzzfeed News was able to identify the apps by going through the Google Play Store to identify ones that asked for a large number of user permissions. These apps were then passed along to Check Point and Method Media, which were able to identify the hidden code.

These findings come after another investigation by Buzzfeed News in March that uncovered ad fraud being committed by Chinese app developers Cheetah Mobile and Kika Tech. This discovery prompted a reaction from Sen. Mark Warren of Virginia, who said the companies posed a risk to national security.

"We explicitly prohibit ad fraud and service abuse on Google Play. Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the features within the app," a Google representative said in a statement to Buzzfeed.

The statement also pointed out that "if an app violates our policies, we take action that can include banning a developer from being able to publish on Play."

Shortly before the Buzzfeed story was released, the apps were removed from the Play Store. Google also announced it would be hiring more people to evaluate apps on the Play Store.