Staff Reporters
Aug 8, 2023

Invisible ad fraud uncovered on Google Play apps, affects millions of Korean Android users says new cyber report

Researchers have uncovered 43 rogue apps that collectively received 2.5 million covert downloads, violating Google Play's developer standards.

Invisible ad fraud uncovered on Google Play apps, affects millions of Korean Android users says new cyber report
Cybersecurity experts McAfee's Mobile Research team has uncovered a concerning practise, whereby apps distributed through Google Play are covertly loading ads while the user’s device screen is turned off.
 
In an advisory released last Friday, the organisation revealed that whilst this may be a convenient way for developers to make money without subjecting consumers to invasive adverts, the action in fact, is a violation of Google Play's developer standards which specify how advertisements should be shown. 
 
"This affects not only the advertisers who pay for invisible ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by clicker behaviour," said McAfee.
 
The research uncovered 43 rogue apps that collectively received 2.5 million downloads, with the well-known TV/DMB player, music downloader, news, and calendar apps being amongst the most affected categories.
 
The apps in question used an advanced ad fraud library that deploys delay techniques to avoid detection and inspection. The fraudulent behaviour can also be remotely changed and pushed using the Firebase Storage or messaging services, which makes it more difficult to identify the malicious activity.
 
Once installed, the adware requests certain rights like "Power Saving Exclusion" and "Draw Over Other Apps," enabling covert background operations, according to McAfee. This lets in more malicious activity, such as showing phishing pages and ads without the user's knowledge.
 
When the device screen is off, the ad fraud starts retrieving and loading ads while the users are still unaware. In order to receive advertisement URLs from Firebase Storage, the library registers device information and requests particular domains, taxing the battery and using up mobile data.
 
McAfee have reported their findings to Google, resulting in a number of the apps being updated to conform with their regulations, and others deleted from the Play Store entirely.
 
McAfee has said it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions such as the power saving exclusion before allowing them. While these might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviours or reducing the relevance of ads and contents displayed to users because of the hidden clicker behaviour.
 
Source:
Campaign Asia

Related Articles

Just Published

2 hours ago

40 Under 40 2024: The trailblazers redefining ...

Campaign Asia-Pacific's prestigious 40 Under 40 winners are driving innovation and pushing boundaries across the region's marketing landscape. Prepare to be inspired.

2 hours ago

40 Under 40 2024: Hai Anh Vu, Publicis Media

Vu’s rapid and assured changes upon joining Publicis resulted in positive transformation across business and talent in just two years.

2 hours ago

40 Under 40 2024: Dalton Henshaw, Bullfrog

Henshaw may have provoked doubters when he launched a creative indie shop during the onset of the pandemic. But four years later, armed with a healthy roster of clients and a set of happy employees, who’s laughing?

2 hours ago

40 Under 40 2024: Tala Booker, Via

What does it take to build a global communications agency in a year? Ask Tala Booker, the former HSBC executive who's rewriting the rules.