BuzzFeed News: ‘Apps Installed on Millions of Android Phones Tracked User Behavior to Execute a Multimillion-Dollar Ad Fraud Scheme’

Craig Silverman, reporting for BuzzFeed News:

One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.

This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. […]

In total, the apps identified by BuzzFeed News have been installed on Android phones more than 115 million times, according to data from analytics service AppBrain. Most are games, but others include a flashlight app, a selfie app, and a healthy eating app. One app connected to the scheme, EverythingMe, has been installed more than 20 million times.

These criminals raked in tens of millions of dollars, maybe hundreds of millions, including millions from Google’s own ad network.

The bottom line: if the metric used for charging for advertising can be faked, it will be faked. Ad tracking is both an invasion of privacy and an open invitation to fraud.

Wednesday, 24 October 2018