BuzzFeed’s Craig Silverman authored a report on a series of mobile apps that are used to enable ad fraud.
Eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars, according to research from Kochava, an app analytics and attribution company that detected the scheme and shared its findings with BuzzFeed News.
Seven of the apps Kochava found were engaging in this behavior are owned by Cheetah Mobile, a Chinese company listed on the New York Stock Exchange that last year was accused of fraudulent business practices by a short-seller investment firm — a charge Cheetah vigorously denied. The other app is owned by Kika Tech, a Chinese company now headquartered in Silicon Valley that received a significant investment from Cheetah in 2016. The companies claim more than 700 million active users per month for their mobile apps.
Kochava and Method’s Praneet Sharma analyzed the apps and found that the Kika Keyboard app executed click flooding and injection using the company’s own proprietary software and with functions built directly into the app itself.