A huge scheme to defraud advertisers via android apps has been discovered. A SWATHE of sophisticated bots were able to bypass Google’s checks to put a giant fraud operation at the heart of the Google Play Store and generate what some experts claim could be over $500 million in fraud.
An investigation by Buzzfeed News found a total of 125 apps which were bought by a company called We Purchase Apps or one of its employees, Tzachi Ezrati. The prices were generous and the payments in Bitcoin, whilst the contact details for the company – with a UK phone number and a US residential address – showed that things were not as they seem.
Once the developers sold their apps, they were updated to show that they were owned by various companies in Bulgaria, Cyprus and Russia.
Of course, as you’ve probably guessed by now, the deal appears not to be on the level and, in fact, the apps became part of an advertising fraud scheme where advertisers were forced to pay up for ad placements that were in fact only ever seen by bots.
So where do our zombie apps come in? Well, it seems the gang used the real human behaviour of these established apps to train a neural network to imitate them, thus avoiding detection by Google’s systems.
In total, it is estimated that the apps have been downloaded a total of 115 million times, with one app alone clocking 20 million hits.
The apps are owned by multiple firms in multiple countries to disguise the size and scale of the scheme. When one fraud detection company, Pixalate, spotted part of the scheme and suggested it could be worth $75m per year in fraudulent ad-revenue, an anonymous message was received from someone close to the fraudsters suggesting that the real number is 10x that.
Google has already removed 40 apps, and blocked access to several websites, as well as closing down a number of developer accounts.