Clicky

Android apps with over 50M downloads were involved in adfraud and data harvesting

Now, what in the world does a flashlight need 31 authorizations for?

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

Google has recently removed six Chinese-based apps from its store. After a report published on Buzzfeed News that brought to light a flourishing market of ad frauds and abuses of permission, Mountain View’s tech giant has decided to take action by eliminating some fairly popular apps in Play Store.

Most of the outlawed apps are Chinese, six of which belong to DU group (a division of Baidu group –tech giant, owner of China’s n°1 search engine). Some of the banned apps have more than 50 million downloads.

The frauds consisted mostly in generating revenues with ‘fake’ ad clicks, by running the ads in the background when the app is used, and without the user noticing. Furthermore, the apps were concealing their true ownership, being sold under a different developer’s name (“Pic Tools Group”) and sending large volumes of sensitive data by asking several permissions of their users.

Some of the apps involved in the scam, such the AIO Flashlight, are extremely popular because: “[Flashlight app developers] took advantage of a window of opportunity when iPhones and Android devices did not have built-in flashlight functionality, so real humans downloaded flashlight apps that asked for insane permissions and few noticed since they just gave all permissions when installing,” as said by Augustine Fou, an independent ad fraud researcher, to BuzzFeed News. AIO was generating fake clicks and strangely enough for a humble flashlight, asked for 31 permissions, seven of which considered dangerous.

Now, what in the world does a flashlight need 31 authorizations for?

Additional strange cases of permissions asked are a kids educational app called WaWaYaYa that was asking 32 permissions, 7 of which potentially dangerous, and sending the data back to the servers in China.

The all-American Samsung TV remote control asked for 58 permissions. One of which, the microphone, apparently to record and understand what our favorite TV shows are.

How did this happen? Well, first of all not every user of technology is tech-savvy. Second, because we all have a tendency to be lazy and install without reading all the small print.

Google has commented that these type of ad frauds are rare and go against its policies, that’s why all the 6 apps where blacklisted. Nevertheless, some of these apps generate a multi-billion dollar industry: in a world that is ruled by profit, we better beware every time we install or authorize something on our devices.

If you’re tired of censorship and surveillance, subscribe to Reclaim The Net.

Read more

Share this post

Reclaim The Net Logo

Join the pushback against online censorship, cancel culture, and surveillance.

Already a member? Login.