Google continuously improve their security on Android apps to reduce the number of junks and fake apps that harm the users.
Earlier this year, Google already deleted over a thousand apps that committed fraud by means of collecting personal data, requesting unnecessary access to other apps, and even app replicas made by hackers. In addition to its security, Google also disqualified request access to apps that want to access messages, contacts, and other personal info just to collect user data.
Apparently, there are still some apps that were able to escape Google’s security, and surprisingly, these are the apps that majority of Android phone users use.
According to the app analytics firm Kochava, there are seven apps from Cheetah Mobile and one from Kika Tech that are used to commit click fraud with advertisements. The crazy thing is, we’ve been using these apps for years and these apps already have over 65 million downloads in the Google Play Store.
Kochava stated that they have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars. The firm submitted the data to BuzzFeed.
The report says, “This particular scheme exploits the fact that many app developers pay a fee, or bounty, that typically ranges from 50 cents to $3 to partners that help drive new installations of their apps.
“Kochava found that the Cheetah and Kika apps tracked when users downloaded new apps and used this data to inappropriately claim credit for having caused the download.
“The practice being executed by Cheetah and Kika is referred to as click flooding and click injection, and ensures these companies are rewarded an app-install bounty even when they played no role in an app’s installation.”
The 8 apps that commit ad click frauds are the following:
- CM File Manager – 65 million downloads
- CM Locker – 105 million downloads
- Cheetah Keyboard – 105 million downloads
- Battery Doctor – 200 million downloads
- Kika Keyboard – 205 million downloads
- CM Launcher 3D – 225 million downloads
- Security Master – 540 million downloads
- Clean Master – 1 billion downloads
Used any of these apps? I bet you do at least one.
CM Locker and Battery Doctor were immediately removed from the Google Play Store after the BuzzFeed article was published. The other 6 apps are still active and still under an on-going investigation by Google.
Both Cheetah Mobile and Kika Tech denied the allegations and play the victim of the issue. Kika Tech reasoned out that the malicious codes generating the ads were placed without their knowledge. Cheetah Mobile sent the blame on third-party SDKs. Sadly, Kochava isn’t buying any of these claims and pushes Google to continue the investigation.
There is still no news if private data were affected using these ads. So far, Kochava only stresses that these two developers have been stealing millions of dollars from Google via clicks and downloads.
Google has not yet announced that all of these apps will be removed from the Play Store. But just to be safe, start uninstalling them today before worst comes to worst.