One way the fraudsters find apps for their scheme is to acquire
legitimate apps through We Purchase Apps and transfer them to
shell companies. They then capture the behavior of the app’s human
users and program a vast network of bots to mimic it, according to
analysis from Protected Media, a cybersecurity and fraud detection
firm that analyzed the apps and websites at BuzzFeed News’
This means a significant portion of the millions of Android phone
owners who downloaded these apps were secretly tracked as they
scrolled and clicked inside the application. By copying actual
user behavior in the apps, the fraudsters were able to generate
fake traffic that bypassed major fraud detection systems. […]
In total, the apps identified by BuzzFeed News have been installed
on Android phones more than 115 million times, according to data
from analytics service AppBrain. Most are games, but others
include a flashlight app, a selfie app, and a healthy eating app.
One app connected to the scheme, EverythingMe, has been installed
more than 20 million times.
The bottom line: if the metric used for charging for advertising can be faked, it will be faked. Ad tracking is both an invasion of privacy and an open invitation to fraud.