Racketeers Use Bots, Android Apps to Run Massive Ad Fraud Scheme

Racketeers Use Bots, Android Apps to Run Massive Ad Fraud Scheme

Online advertisers have good reason to be running scared these days. Last week, news broke that Facebook had massively inflated its video watching metrics for years by ignoring as invalid all videos that were watched for less than three seconds and reporting only metrics for video that was watched for longer. The problem with this approach was, it removed all of the legions of people who simply never watched at all, or for whom the video only activated when they moused over it. Advertisers were furious about the metric, as were journalists — who knows how many of my colleagues lost their jobs in the past few years as a result of a misguided “pivot to video” strategy that didn’t align with the media consumption habits of their established audiences.

Now, we’ve got a new “online advertising is broken and everything is terrible” problem to talk about. An in-depth Buzzfeed investigation found a complex network of shell companies devoted to buying up Android apps built by other people and then monetizing them with an army of bots.

Now that might not seem so unusual, given that companies like Twitter and Facebook have faced tremendous bot problems. What sets this scheme apart is that app owners were contacted and offered cash up front to sell their products. Once they sold, the purchasers didn’t sell them — they mined them for information on how the end users actually behaved. And then they used that behavior to program bots to duplicate it and vastly inflated the claims of how many people were using their products.

Image by Buzzfeed
Image by Buzzfeed

Apps that supposedly had multiple owners and were maintained by multiple teams were actually connected to one another via a dizzying array of shell corporations. More than 125 Android apps and websites were “connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.) As an extension of this practice, it means that if you used one of the offending apps, your every action was mined and used to generate a realistic action model that could then be used to commit fraud. The apps have collectively been installed on 115 million devices.

Why Should You Care About Advertising Fraud?

Let’s get one thing out of the way up front. You probably hate ads. You hate the ads on wfoojjaec, you hate the ads on other sites, you hate online advertising, period. You probably also understand that the ads are how those of us who work here manage to eat. This does not make you dislike ads less, and it definitely doesn’t predispose you towards caring about the fact that a bunch of advertisers got defrauded. But you should care — and here’s why.

Advertisers are like any other kind of company in one way: They want to know that the ad dollars they spend are bringing them some kind of benefit. In the past week, we’ve seen two major stories break that system, with major implications. Buzzfeed reports that between $700-$800M may have been leveraged out of the mobile app market in this way just in 2018. And that’s just the tip of the fraudulent iceberg. Adobe has estimated that up to 28 percent of all web traffic may be driven by bots.

When Facebook started releasing its video metrics, newsrooms all over the country tore up their roadmaps and make an aggressive pivot-to-video, oftentimes laying off conventional writers to pay for new content creation and new content creators. The idea failed almost everywhere. Companies made this transition because they were desperate to capture advertising dollars and advertisers wanted to follow Facebook’s lead. The result? Tremendous damage, lost trust, fired employees — and all based on fraud. It’s not going to stop happening, and there are serious ramifications for the websites and companies you like to follow.

Google has taken action against the bots now that they’re aware of the problem but hadn’t detected the issue before Buzzfeed brought it to their attention. A great deal of the problem rests on Google, whose processes for reviewing Google Play content aren’t as robust as Apple’s.

More details, and the response of the scam runners themselves once Buzzfeed caught them, can be found in the original story.

Continue reading

New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove
New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove

Intel has released a bit more information about Rocket Lake and its 10nm CPU that's been back-ported to 14nm.

ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market
ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market

ARM took another step towards challenging x86 in its own right with the debut of the Cortex-A78C this week. The new chip packs up to eight "big" CPU cores and up to an 8MB L3 cache.

The Xbox Series S Is Handicapped by Its Storage Capacity
The Xbox Series S Is Handicapped by Its Storage Capacity

The Xbox Series S has been favorably received, for the most part, but the console's low base storage makes the Xbox Series X a better value for a lot of people.

In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip
In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip

Apple saw huge success the last time it switched architectures to Intel, but this time? The jury's still out, but one thing is certain: Apple is about to make a lot more money.