BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

AI Is The Past, Present And Future Of Cybersecurity
Google Strikes Ahead Of iPhone 16 And iOS 18 With New Android Security
Google’s New AI Feature ‘Incredibly Dangerous,’ Android Users Warned
ChatGPT-4o Is Wildly Capable, But It Could Be A Privacy Nightmare
WhatsApp Reveals Clever New Feature To Ensure Your Secrets Stay Secret
European Commission Probes Meta Over Youth Social Media Addiction
Edit Story
ForbesInnovationCybersecurity

Google Bans Android Developers With 200M Downloads Sued By Facebook For Ad Fraud (Updated)

Zak Doffman
Contributor
Opinions expressed by Forbes Contributors are their own.
I cover security and surveillance
Following
This article is more than 4 years old.

On Wednesday, Facebook announced that it had filed its first lawsuit against two Asian developers for "click injection fraud—where developers made apps available on the Google Play store to infect their users’ phones with malware [which] created fake user clicks on Facebook ads that appeared on the users’ phones, giving the impression that the users had clicked on the ads."

But maybe no longer. At the time of first publishing this story, the developers—with more than 200 million downloads between them—continued to have apps available on Google Play. But, later on Wednesday, Google spokesperson Scott Westover contacted me to say that "these developers have been banned."

According to Facebook, LionMobi of Hong Kong and JediMobi of Singapore “generated unearned payouts from Facebook for misrepresenting that a real person had clicked on the ads." This is so-called click injection fraud, where automatic ad clicks are generated from (usually) viral apps without a user doing anything or being aware. As such, revenue is generated for the developers against the interests of the advertisers and Facebook. As users play on those apps, the fake ad clicks are being generated over and over again in the background. 

Last week, I reported that around 200 harmful apps on the Google Play Store had been downloaded more than 32 million times in July alone. Most of those downloads related to ad-fraud of one kind or another. Basically, threat actors planting fake or malware-laced ads on user phones or generating ghost clicks for payment.

MORE FOR YOU

Ghost Of Tsushima Is Already Flooded With Negative Reviews On Steam

WWE SmackDown Results, Winners And Grades With Stratton Vs. Belair

Biden Trump Debates What To Know As Trump Pushes For 2 More Faceoffs

The issue, though, is much larger and this is a warning shot for many other developers around the world—the lawsuit, Facebook says, "is one of the first of its kind against this practice." It is unlikely to be the last. In light of its data scandals, Facebook has demonstrated that it is now much more willing to head to court to keep its ecosystem in check.

"When we do the math, only on last month and only from available sources," ESET researcher Lukas Stefanko who exposed July's 32 million downloads told me, "not counting apps that could be there still hidden—this number [of fake apps] is huge."

Last year, Buzzfeed News reported that "eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars." All eight apps were Chinese in origin, with seven from a single developer, Cheetah Mobile. 

As I've said before, while we worry unnecessarily about viral crazes like FaceApp, the truth is that it's the apps we don't see coming that we should worry about, those apps we're downloading millions of times but which usually don't make headlines.

Follow me on Twitter or LinkedIn
Zak Doffman
Zak Doffman
Following