Mobile ads are a huge source of revenue for app developers. Especially when you have a free app, you can be sure it’s sponsoder by the occasional ad. How annoying the banner would be is hugely up to the developer.
But others have found ways to make money off of ads without you ever seeing them… or even knowing what’s happening on your phone.
A recent BuzzFeed News investigation into a number of popular Android apps has uncovered a large-scale ad fraud, encompassing a lot of the published software. Said apps were discovered to come from Chinese developer DU Group, although the publishers took steps to conceal that fact.
What did they do? Well, the apps would generate false ad clicks coming from your phone. It doesn’t matter if you had them open or closed, their scripts would run in the background and generate revenue for their developer by fooling the ad system into thinking that users were engaging with ads served to them. To the end user, this means that the permissions they agreed with were abused, and their phones’ resources (battery and processing power) were used for tasks they did not consent to.
Additionally, the apps were collecting and sending user data back to DU Group’s servers. It is yet unclear what type of data was gathered.
While one might say that faux ad clicks are barely a danger for the end user, the occurance still outlines the fact that smartphone security and permissions still have a long way to go. No matter how you look at it, this ad fraud network is a form of a trojan, which was freely distributed and available through the Play Store.
In other words — be aware of what you install and what permissions you give to your new apps. Does a Flashlight app really need access to your contacts? We are pretty sure the answer to that is “no”.
What Google is doing
After being notified of this by BuzzFeed News, Google has pulled and blacklisted the reported apps. This means that even the ones that are still installed on user phones can’t access the Google ad services and generate revenue.
On a seemingly unrelated note, a day before BuzzFeed News contacted Google with this information, the search giant published its own blog post where it stated it will be re-thinking how phone permissions work in the near future. As per the post, Android Q will feature system-level changes to the permission system, which would aim to improve transparency and user control. Additionally, the Play Developer policies will also be getting an update focused on privacy.
Google has also promised that it will be hiring more people to help with the evaluation process of apps on the Play Store.