Android Ad-Fraud Scheme

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme.

After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps used its mobile advertising network. Its independent analysis confirmed the presence of a botnet driving traffic to websites and apps in the scheme. Google has removed more than 30 apps from the Play store, and terminated multiple publisher accounts with its ad networks. Google said that prior to being contacted by BuzzFeed News it had previously removed 10 apps in the scheme and blocked many of the websites. It continues to investigate, and published a blog post to detail its findings.

The company estimates this operation stole close to $10 million from advertisers who used Google's ad network to place ads in the affected websites and apps. It said the vast majority of ads being placed in these apps and websites came via other major ad networks.

Lots of details in both the BuzzFeed and the Google links.

The Internet advertising industry is rife with fraud, at all levels. This is just one scheme among many.

Posted on October 25, 2018 at 6:49 AM • 21 Comments

Comments

JimFiveOctober 25, 2018 7:52 AM

Doesn't this: "The company estimates this operation stole close to $10 million from advertisers who used Google's ad network to place ads in the affected websites and apps."

Actually mean that those companies paid Google $10 million dollars? Or do I misunderstand how internet advertising works?

JOOctober 25, 2018 8:26 AM

@JimFive

The creators of the adverts pay Google to place them and then google in turn pays the applications/sites that display their ads some of the money as well. So presumably, the $10 million is how much the app owners made off with for "pretending" to serve ads that they didn't really serve.

I think they also get paid more for users clicking through the ads and viewing the site it links to. They've often tried to fake that activity and even just asking your readers/viewers to click ads is banned as it defrauds the ad buyers. It seems the novel thing here is mimicing actual user behavior and amplifying it to get around the heuristic analysis that finds cheaters by being more like real user behavior.

meOctober 25, 2018 8:26 AM

> track users' behavior in order to mimic it in a way that evades bot detectors

clever trick, i love when tracking backfire on itself.

vas pupOctober 25, 2018 8:33 AM

Behavioral detection related:
Rating movies based on fear pheromones in the cinema
https://www.sciencedaily.com/releases/2018/10/181022122904.htm

"A measurable criterion now exists for determining the age rating of films. A group of scientists at the Max Planck Institute for Chemistry in Mainz has found that [!!!]the concentration of isoprene in cinema air correlates with the cinema industry's voluntary classification of films. =>>>Evidently, the more nervous and tense people are, the more variable is the isoprene they emit. This can be used to deduce how "stressful" a film might be for children and adolescents.

Do our emotions leave a chemical fingerprint in the air?

In order to detect the chemical clues, the scientists connected a mass spectrometer to the cinema's ventilation system. During the film screenings, the device, which can identify substances even at ppt levels, was used to track changes in the air composition by taking measurements once every 30 seconds. In this way the team analyzed the concentrations of 60 compounds. Based on the data, the scientists then created a model that compares the age classification with the data on how often and in what quantities the audience released those compounds.

Jonathan Williams has now come up with a new research idea for the unambiguous correlation they identified for isoprene.
===>>>He plans to investigate whether the volatile organic compounds we emit leave a chemical fingerprint in the air, not only of tension
[!!!]but of other emotional states as well. His team was unable to determine this clearly during the film screenings, because scenes that elicit very different emotions follow each other in rapid succession, thereby blurring the potential air-borne chemical traces. However, by taking air measurements under controlled laboratory conditions, in collaboration with other Max Planck Institutes in Frankfurt and Nijmegen, Jonathan Williams now hopes to conduct a thorough investigation into the question of whether specific emotions leave traces in the air."

I guess soon we will have new era of polygraph with measurements of exhale air components. IC should spend money through IARPA for such research. And obsessed with putting restrictions on sex related content, US film industry could finance such research on X rating movies as well.

SlagOctober 25, 2018 8:42 AM

Breathalyzer in court "Do you swear to tell the truth, the whole truth and blow into the tube?"

Clive RobinsonOctober 25, 2018 8:45 AM

@ All,

I know I should not feel happy on reading,

    The company estimates this operation stole close to $10 million from advertisers...

But there is something inside me that says that the advertisers deserve it for being so daft in the first place...

In the past I've asked people I know if they ever purchased anything from placed adverts, and the answer is generally "No".

I personally resent the advertisers because I pay for my bandwidth and they are trying every trick they can to steal it from me, thus I regard them as thieves. Look at it this way if you had to pay the postage on every piece of junk mail you get through the postal system how would you feel? That in essence is what Internet Advertisers are doing to you.

Denton ScratchOctober 25, 2018 9:09 AM

"uses bots to perpetuate an ad-fraud scheme"

perpetuate: render perpetual.
perpetrate: commit a crime.

meOctober 25, 2018 9:14 AM

@Clive Robinson

>in the past I've asked people I know if they ever purchased anything from placed adverts, and the answer is generally "No".

maybe they don't realize that they clicked an ad-link.
for example top google results has "ad" label but not anyone notice it or care about it.
i saw someone clicking on a facebook ad labeled "sponsored" without noticing, i said it to him but he couldn't understand the difference.

>thus I regard them as thieves.
same here, but there is more, they try every way to track you without consent, they also use dark patterns.
for example "we use cookies, if you click anyware or scroll you agree, if you don't agree please install our browser extension"
wtf?!?!?
sometimes there is no button but if you click it it just reload the page and the message is still there (for sure not a bug).
There is no need of complex/custom opt-out, we have "do not track" header, it only need to be respected.
but what i hate most is that they treat you without respect, for them you are not a human you are a product, a product that can be sold to the highest bidder without any kind of respect.
when i think about ads in internet i imagine me placed "on sale" on a shelf at supermarked like any other product and this is not nice.

SebastianOctober 25, 2018 10:24 AM

BuzzFeed News sent an email citing Anatot’s claims to the address listed on the company’s website. “This is very interesting,” someone wrote back. “Today, i cannot speak but Friday.” They did not reply to subsequent emails.

To be fair, the responder didn't specify which Friday.

Fraud, like water, will always find a way in to the empty spaces and compromise the foundation. I realize Buzzfeed has an army of diligent and astute researchers to dig in to rabbit holes, etc. but it seems to me Google should have a bit more intelligence baked in to their universe to help flag potential violators. Similar to Palantir but without all the evil.

HumdeeOctober 25, 2018 11:48 AM

Am I the only one to recall that when Google was first getting off the ground there were persistent rumors that many of the clicks that Google was charging for were fake? There is a cogent case that Google itself was founded on advertising fraud.

"but it seems to me Google should have a bit more intelligence baked in to their universe to help flag potential violators."

Google has a vested interest in not catching fraud because it helps the bottom line. Google has to run a cost-benefit analysis. On one hand if it does nothing about fraud then people will lose trust and won't buy ads. On the other hand if it does too much about fraud it may waste resources unnecessarily looking for something that doesn't exist. So there is a real "moral hazard" here for Google. It is the same moral hazard that big MMOs like WoW face controlling botting.

JackOctober 25, 2018 8:05 PM

A trillion dollar marketing-scheme is crying over 10 million bucks ??

As Bill Hicks said : If you work in marketing, go kill yourself, eat a bullet, suck a tailpipe, you are Satans helper.
The whole ad-driven "net-economy" is a fraud making a few people beyond filthy rich for producing absolutely nothing of real value.

JamesOctober 26, 2018 12:36 PM

This is good news. A thief that steals from another thief has 100 years or forgiveness.

don't be compartmentalizedOctober 26, 2018 10:29 PM

@Sebastian

but it seems to me Google should have a bit more intelligence baked in to their universe to help flag potential violators. Similar to Palantir but without all the evil.
It is plausible that some of Alphabet was aware of the issue but could not disclose the facts to the relevant engineering team due to "need to know" restrictions. Laundering actionable evidence through Buzzfeed could solve that problem nicely for most everyone involved besides the scammers.

TatütataOctober 28, 2018 2:23 PM

Can a website guarantee that the mark pays any attention?

I more or less blindly click through advertisements, without even noticing what they were about. Something of a routine: I look for something, a video opens, covering the content, and I scramble to find the miniature pop-up control before my ears are molested for too long. Am I stealing?

Advertising is something of a hail Mary business. Are Google and friends really effective in delivering profitable leads?

A saying has been going around for 100 years that half of money spent on advertising is expended in vain, but you couldn't say which half it is (Bernays? It was first said in the 1920s.). My own estimate would be north of 90%...

TatütataOctober 28, 2018 2:59 PM

I wrote something here about one hour ago, and wanted to add/correct something. But it seems gone, I'm quite sure it was here, and I don't think it contained anything offensive or objectionable. What's happening?

ModeratorOctober 29, 2018 8:41 AM

@Tatütata, I don't know why your correction was held for moderation, there was nothing problematic about it. I've just approved it, and have also corrected the link in your original comment.

ModeratorOctober 29, 2018 8:53 AM

@Tatütata, as it turned out, the comments I just corrected and approved occurred on "On Disguise" several days ago. I see nothing held up more recently than that. Please resubmit your most recent comment and report back if it doesn't go through a second time.

A Nonny BunnyNovember 3, 2018 3:20 PM

I personally resent the advertisers because I pay for my bandwidth and they are trying every trick they can to steal it from me, thus I regard them as thieves. Look at it this way if you had to pay the postage on every piece of junk mail you get through the postal system how would you feel? That in essence is what Internet Advertisers are doing to you.
Imagine how I feel about may newspaper subscription, I pay hundreds of euro's a year, and it's full of advertisements! Why am I paying for advertisements? It's ridiculous.

Isn't that the same like with the internet? I pay hundreds of euro's per year on for an internet subscription. Surely, somehow, that money magically makes it way to the creators of online content and they don't need some other actual source of income.

...

Well, something is clearly ridiculous.
But maybe it's the hypocrisy of accusing advertisers of "stealing" bandwidth, when you're "stealing" bandwidth from content hosts. Cause you're not paying for theirbandwidth (or content), are you?
I mean, I've got adblocker too, but you won't hear me arguing I'm not a hypocrite anymore than ranting about how advertisement is theft.

A Nonny BunnyNovember 3, 2018 3:38 PM

@vas pup

Behavioral detection related:
Rating movies based on fear pheromones in the cinema
https://www.sciencedaily.com/releases/2018/10/181022122904.htm
It's interesting, but considering the following bit from the article:

"They measured the composition of air in cinemas as well as levels of volatile organic compounds (VOCs) during 135 screenings of eleven different movies. Over 13,000 audience members were involved"

I have severe doubts their result could be statistically significant. There's only 135 screening, and 60 chances to find a compound that happens to somewhat correlate with the movie rating.
It's sounds like that study "detecting" brain activity in a dead fish, except these people probably belief they found something.

TimothyNovember 17, 2018 11:30 PM

A Russian national Alexander Zhukov was arrested on November 6 in Varna, Bulgaria where he had been living since about 2010. He is accused of affiliate fraud which involves directing fake web visitors to a website to generate higher affiliate marketing commissions or advertiser access fees. The fraud allegedly caused $7 million in damages. The Interpol warrant originated from prosecutors based in NY. Zhukov is currently being held in Bulgaria, pending extradition hearings. According to CyberScoop, the indictment is sealed and may remain so until he is extradited to the U.S. The U.S. and Bulgaria have a bilateral extradition agreement.

https://www.cyberscoop.com/suspected-russian-cybercriminal-arrested-in-bulgaria-at-u-s-request-lawyer-says/

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.