- Seven Cheetah Mobile apps have been accused of ad fraud by an analytics company.
- The apps purportedly check for new app installs on a user’s device to claim a bounty for driving the installation.
- An eighth app accused of ad fraud received an investment by Cheetah Mobile in 2016.
Prominent Chinese app developer Cheetah Mobile is no stranger to controversy, but the company’s apps have now been implicated in a huge ad fraud scheme.
App analytics company Kochava (h/t: Buzzfeed) found that eight apps in the Play Store, seven of which were Cheetah Mobile creations, were tracking new app installs on users’ devices. It’s alleged that they would then falsely claim credit for driving the installation of these new apps in order to claim a fee or bounty. This fee usually ranges from 50c all the way to $3 for partners who legitimately drive installations via in-app advertising or prompts.
The seven Cheetah apps are Clean Master, CM File Manager, CM Launcher 3D, Security Master, Battery Doctor, CM Locker, and Cheetah Keyboard. Buzzfeed and Kochava noted that the developer of the eighth app (dubbed Kika Keyboard) received an investment from Cheetah in 2016.
It makes for an extremely unethical move if true, because the offending apps obviously had nothing to do with driving app installs in the first place. It’s also questionable because the suspect apps would be misleading users about why they require permissions in the first place. It therefore makes you wonder what else the company is tracking or collecting for the sake of nefarious activities.
What’s the excuse for ad fraud?
Kika responded to the allegations, claiming these practices took place without their knowledge. However, further third-party analysis revealed that the company’s proprietary software was used, along with functions in the app itself. This makes it highly unlikely that someone else managed to maliciously tweak the app.
Meanwhile, Cheetah Mobile initially suggested that third-party SDKs were to blame for the dodgy activity. But when the outlet told the company that the SDK in question was owned and developed by Cheetah Mobile, the company denied that its SDKs were involved in ad fraud.
Praneet Sharma of ad fraud investigative company Method Media Intelligence told Buzzfeed that the accused apps were “wildly over-permissioned.” The Clean Master app, for example, asks for permission to record audio, take photos/video clips, read/modify your calendar (including confidential events), view your app and web browser history, and read your contacts. And those aren’t the only permissions it requires.
Sharma then called on Google to block apps with many permissions from being allowed into the Play Store. It sounds like a step in the right direction, forcing developers to pick and choose their permissions. But it might have the unintended consequence of blocking legitimate apps like launchers and Tasker.
What are the warning signs you keep in mind before downloading an app? Let us know in the comments!
November 26, 2018 at 09:46PM