Sketchy apps with more than 2 billion installs allegedly involved in click fraud (Updated)

Sketchy apps with more than 2 billion installs allegedly involved in click fraud (Updated)
Credit: Wikimedia Commons

Update: Cheetah Mobile has issued a statement saying that majority of its ad revenue is driven by third-party ad SDKs (Software Development Kits) and it has no control over them. The app maker also said that it has no intention to engage in alleged “Click injection” activities. The Company noted that there are numerous untrue and misleading statements in these two articles. It is planning to take legal actions against Kochava as well. 

Chinese app developer Cheetah Mobile has been accused of running a major click fraud scam, using its Android apps which have a combined install base of more than 2 billion.

BuzzFeed News reported that research from mobile analytics company Kochava found eight apps – seven from Cheetah Mobile and one from Kika Tech – misusing Android user permissions to gain referral earnings from app installs.

If you spent much time on Google Play, some of these apps might sound familiar to you: Clean Master, Security Master, Battery Doctor, and Kika Keyboard. A few of these apps have an install base of more than 200 million users each; Clean Master has more than 1 billion. Together, these apps reportedly have more than 700 million monthly active users.

Credit: Google Play
Cheetah Mobiles’ Clean Master


The apps allowed for shady practices like click injections and click flooding to claim referral money for driving app installations on users’ phones. They asked for user permission to track the apps are installed on their phones – and claimed credit for the installs without actually having done anything to facilitate those installs. Additionally, Kika Keyboard asked for permission to track what users typed (because it’s a keyboard, duh), and used the data to capture what users searched for on Google Play.

Whenever a user installed a new app, these fraudulent apps tried to claim that they’ve caused the install, and grabbing the referral bounty, which typically ranges from 50c to $3 each. And because some developers only credit referrals reward when their apps are opened, some of the fraudulent apps silently launched the newly installed ones to ensure they clinched a reward.

Kika Tech’s CEO, Bill Hu, told BuzzFeed News in a statement that the company is investigating the issue internally, and it’ll do everything to resolve the situation.

Cheetah Mobile transferred the blame to third-party ad SDKs (Software Development Kit). “We request ads via SDK from these ad platforms and display their ads. We have no control over the behavior of these SDKs,” it told Buzzfeed News. Incidentally, its most popular app, Clean Master, features in a lot of lists of apps people should remove.

We’ve sent an email to Google to understand if it’s taking any action on these apps. We’ll update the story accordingly. Meanwhile, if you have downloaded any of these apps, it’s advisable to uninstall them from your phone.

Ad fraud is on the rise, as there’s plenty of money to be made: eMarketer estimated that spending on mobile app install ads will be crossing $7.1 billion globally this year. For reference, another report suggested that mobile app install ad fraud cost marketers nearly $2 billion in 2017.

Read next: Uber fined €1M for 2016 data breach by Dutch and British privacy watchdogs