Slashdot Mirror
Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion Dollar Ad Fraud Scheme (buzzfeednews.com)
A new investigation uncovers a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids. From a report: Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off. "I did a little bit of digging because I was a little sketched out because I couldn't really find even that the company existed," Schoen told BuzzFeed News. The We Purchase Apps website listed a location in New York, but the address appeared to be a residence. "And their phone number was British. It was just all over the place," Schoen said. It was all a bit weird, but nothing indicated he was about to see his app end up in the hands of an organization responsible for potentially hundreds of millions of dollars in ad fraud, and which has funneled money to a cabal of shell companies and people scattered across Israel, Serbia, Germany, Bulgaria, Malta, and elsewhere.
Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin. "I would say it was more than I had expected," Schoen said of the price. That helped convince him to sell. A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.) The Google Play store pages for these apps were soon changed to list four different companies as their developers, with addresses in Bulgaria, Cyprus, and Russia, giving the appearance that the apps now had different owners.
But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.)
One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app's human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News' request. This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. Response from Google.
Schoen had a Skype call with Andrea and her colleague, who said his name was Zac Ezra, but whose full name is Tzachi Ezrati. They agreed on a price and to pay Schoen up front in bitcoin. "I would say it was more than I had expected," Schoen said of the price. That helped convince him to sell. A similar scenario played out for five other app developers who told BuzzFeed News they sold their apps to We Purchase Apps or directly to Ezrati. (Ezrati told BuzzFeed News he was only hired to buy apps and had no idea what happened to them after they were acquired.) The Google Play store pages for these apps were soon changed to list four different companies as their developers, with addresses in Bulgaria, Cyprus, and Russia, giving the appearance that the apps now had different owners.
But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.)
One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app's human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News' request. This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems. Response from Google.
One parasite ripping of another...
I wonder what percentage of Google ad impressions are from fake views. You would think a significant percentage of people have adblockers by now.
Google and Apple should disable auto-update on apps that change owners. If you want an update after the app has changed owners, you should at least be aware of the change, which would cut way down on this type of scam.
How to demonstrate that Google ads is the biggest racket fraud on earth and will start a lovely class suit.
I want to write apps for them. Although I feel a little sorry for the bots involved.
I downloaded a flashlight app a while ago. It wanted access to every single feature on my phone, including my contacts and flash storage. All it does is turn the flash on. It's got adverts on it.
I don't use apps at all on my phone. I'm one of the very few people I know that use their phones for calling and texting. Even then I'm dubious about the bundled apps, many of which I can't even delete.
All of them. Every single one. Do you understand? There are no apps that are not malware.
It's 2018 and all apps malware.
Most operating systems are also malware.
Looked into a popular anime app called GACHA by lunime.com. It draws kids into an online community and they have quite the portfolio of apps on the store. Whois: blank Godaddy: generic details (no real name etc) Found the physical address registered with GoDaddy. Google Earth, nothing. So the people who produced all of these apps targeted at young kids doesn't want to be found? How much of this is going on? I tried to find out what endpoints, if any, these apps were hitting. Good luck unless you want to root your phone. Fuck this shit.
Again? It has always been greedy.
But that's just because it is full of humans, and humans are greedy.
Like, the teeming masses of poor people who want free stuff from the rich....they are greedy. They call the rich greedy for not wanting to share, but that works both ways. The poor think they aren't greedy because what they are asking for is just a little.....but....that "just a little" becomes quite a lot once it is multiplied by the number of people who want it....in return for nothing.
Greed, it's everywhere.
Emoji Switcher
Welp, that's it.
We have reached peak software stupidity.
Let's pack it up. We're done here.
Only the appiest apps can app apps while apping other apps, and apps that app other apps get apped!
Apps!
The silver lining is that this will discourage companies to waste their money on online advertisements. In fact, we should applaud "fake ad view" efforts. What's to complain about?
Go home, Ivan, you're drunk. Take your wretched fifth of Vodka with you.
It’s not “android apps”. Stop using that term, it’s a scaremonger term and purposely created to make it seem like the fault is android.
Exactly the same behavior could be present on iphone or windows apps too, the problem
Is completely independent of the OS.
Are we to assume, BuzzFeed have moved on from the "Find out what kind of pizza you are" and unsourced anti-Trump hit-pieces to actual credible journalism? Skeptical as I am of Google, BuzzFeed has an even longer way to go to credibility...
In Soviet Washington the swamp drains you.
From TFS: a cabal of shell companies and people scattered across Israel, Serbia, Germany, Bulgaria, Malta, and elsewhere
Reading comprehension classes are definitely in order for you. As well as tolerance and diversity re-training camp, as you obviously are not too tolerant of others that are different than you.
Since this landmark study came out, the internet industry has been in a low-grade panic because the data shows that its ads do not work and thus, its numbers are all fake. People online do not respond to ads as people on television or reading a newspaper do; they simply tune out the noise. Ever since then, these companies have been directly or indirectly faking their numbers, because they know when the real numbers come out, the Big Tech game is up and they all go back to managing Windows networks at donut shops in small midwestern cities.
Alternative Right.
the study is ACTUALLY just saying that using clicks on a ad as a measure of success is not meaningful, NOT that digital advertising is fake and doesn't work
that study came out in 2009 - digital advertising spend is multitudes higher then what it was in 2009 - nothing within the reply you posted is useful or true.
Are you implying someone called alternative_right posted some Fake News?
Ever since then, these companies have been directly or indirectly faking their numbers, because they know when the real numbers come out, the Big Tech game is up and they all go back to managing Windows networks at donut shops in small midwestern cities.
Good.
Perhaps we can rid the internet of part one of it's toxic presence.
Next up will be Microsoft and their malware emulating updates.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Fine with me. We can all go back to what works. Paywalls!
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
how the hell would a shit-site like BUZZFEED be able to do this kind of investigation? How did the various app developers come into contact with each other? Did they all just magically found themselves in the very same coffee shop and began sharing the experiences of the sales of their apps to another company, and discover that this was happening?
Is there any proof that the apps were "recording user behavior" and that a "vast network of bots" was programmed to replay this? Nothing in this article makes any sense whatsoever. It literally stinks like an intentional attack on a legitimate publishing house that buys apps as an investment.
I am surprised that there are still frauds of this type
Advertisers must be horrified at the prospect that someone could lie to them. Like actually lie. In broad daylight. With nobody stopping them. Wow!
It's OK Bender, there's no such thing as 2.
The truth still is that NO advertising, digital or otherwise, makes people buy things. None.
It's OK Bender, there's no such thing as 2.