Racketeers Use Bots, Android Apps to Run Massive Ad Fraud Scheme

Racketeers Use Bots, Android Apps to Run Massive Ad Fraud Scheme

Online advertisers have good reason to be running scared these days. Last week, news broke that Facebook had massively inflated its video watching metrics for years by ignoring as invalid all videos that were watched for less than three seconds and reporting only metrics for video that was watched for longer. The problem with this approach was, it removed all of the legions of people who simply never watched at all, or for whom the video only activated when they moused over it. Advertisers were furious about the metric, as were journalists — who knows how many of my colleagues lost their jobs in the past few years as a result of a misguided “pivot to video” strategy that didn’t align with the media consumption habits of their established audiences.

Now, we’ve got a new “online advertising is broken and everything is terrible” problem to talk about. An in-depth Buzzfeed investigation found a complex network of shell companies devoted to buying up Android apps built by other people and then monetizing them with an army of bots.

Now that might not seem so unusual, given that companies like Twitter and Facebook have faced tremendous bot problems. What sets this scheme apart is that app owners were contacted and offered cash up front to sell their products. Once they sold, the purchasers didn’t sell them — they mined them for information on how the end users actually behaved. And then they used that behavior to program bots to duplicate it and vastly inflated the claims of how many people were using their products.

Image by Buzzfeed
Image by Buzzfeed

Apps that supposedly had multiple owners and were maintained by multiple teams were actually connected to one another via a dizzying array of shell corporations. More than 125 Android apps and websites were “connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.) As an extension of this practice, it means that if you used one of the offending apps, your every action was mined and used to generate a realistic action model that could then be used to commit fraud. The apps have collectively been installed on 115 million devices.

Why Should You Care About Advertising Fraud?

Let’s get one thing out of the way up front. You probably hate ads. You hate the ads on wfoojjaec, you hate the ads on other sites, you hate online advertising, period. You probably also understand that the ads are how those of us who work here manage to eat. This does not make you dislike ads less, and it definitely doesn’t predispose you towards caring about the fact that a bunch of advertisers got defrauded. But you should care — and here’s why.

Advertisers are like any other kind of company in one way: They want to know that the ad dollars they spend are bringing them some kind of benefit. In the past week, we’ve seen two major stories break that system, with major implications. Buzzfeed reports that between $700-$800M may have been leveraged out of the mobile app market in this way just in 2018. And that’s just the tip of the fraudulent iceberg. Adobe has estimated that up to 28 percent of all web traffic may be driven by bots.

When Facebook started releasing its video metrics, newsrooms all over the country tore up their roadmaps and make an aggressive pivot-to-video, oftentimes laying off conventional writers to pay for new content creation and new content creators. The idea failed almost everywhere. Companies made this transition because they were desperate to capture advertising dollars and advertisers wanted to follow Facebook’s lead. The result? Tremendous damage, lost trust, fired employees — and all based on fraud. It’s not going to stop happening, and there are serious ramifications for the websites and companies you like to follow.

Google has taken action against the bots now that they’re aware of the problem but hadn’t detected the issue before Buzzfeed brought it to their attention. A great deal of the problem rests on Google, whose processes for reviewing Google Play content aren’t as robust as Apple’s.

More details, and the response of the scam runners themselves once Buzzfeed caught them, can be found in the original story.

Continue reading

Clever OS Scheduling Partly Explains Apple M1’s Responsiveness
Clever OS Scheduling Partly Explains Apple M1’s Responsiveness

Some of the improved responsiveness of the M1 comes courtesy of new OS scheduling techniques.

Intel Announces its 18A Node is Ahead of Schedule
Intel Announces its 18A Node is Ahead of Schedule

Gelsinger's announcement is a bit of good news for folks who were worried the company might start to falter on its comeback tour.

Alleged Schematics For Meta’s Project Cambria Headset Have Leaked
Alleged Schematics For Meta’s Project Cambria Headset Have Leaked

Alleged CAD designs for Meta's high-end Project Cambria have been leaked, showing a compact, intricate device.

Microsoft May Radically Overhaul Windows Release Schedule
Microsoft May Radically Overhaul Windows Release Schedule

Microsoft's new release cadence should bring new features more often, with several years in between new versions.