Android App Ad Fraud
But an investigation by BuzzFeed News reveals that these seemingly separate apps and companies are today part of a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans. (A full list of the apps, the websites, and their associated companies connected to the scheme can be found in this spreadsheet.)
One way the fraudsters find apps for their scheme is to acquire legitimate apps through We Purchase Apps and transfer them to shell companies. They then capture the behavior of the app’s human users and program a vast network of bots to mimic it, according to analysis from Protected Media, a cybersecurity and fraud detection firm that analyzed the apps and websites at BuzzFeed News’ request.
In its response to the BuzzFeed report, Google explained how the botnet — dubbed TechSnab — works to inflate ad revenue by creating botnets to visit web pages.
[…]
Ad fraud hits marketers directly in the wallet. BuzzFeed reports that the potential for stolen ad revenue related to this scheme could be as high as $750 million. One app connected to the scheme has been installed more than 20 million times.
The bottom line: if the metric used for charging for advertising can be faked, it will be faked. Ad tracking is both an invasion of privacy and an open invitation to fraud.