- Apps by Cheetah Mobile and Kika Tech monitored apps downloaded on users’ Android phone
- They then claimed the credit for the download to earn revenue
- Both the companies have denied any wrongdoing
Earlier this week, Google removed 13 malicious apps from its Play Store after a security researcher pointed out that the apps were installing malware on the Android users’ phones. But as it turns out, it seems that the tech giant is not done cleaning its Play Store just yet as a new report suggests that eight widely popular apps have been engaging in fraudulent ad practice on the platform.
According to a report by BuzzFeed News, a total of eight apps with over 2 billion downloads in the Play Store have been misusing user permissions for monitoring new downloads and stealing install bounties that could be running in millions of dollars. While seven of the eight apps belong to Cheetah Mobile, a Chinese internet company, one is owned Kika Tech, another Chinese firm that is headquartered in the Silicon Valley.
While the apps by the two Chinese firms were monitoring the information that the users were downloading, their ultimate aim was to exploit money from developers who often pay a fee ranging between 50 cents to $3 that helps them to drive installation of their app. App analytics firm Kochava, in its research found out that, apps by Cheetah Mobile and Kika Tech tracked the new apps downloaded by the Android users . They then used this data to inappropriately claim credit for the download, which in turn helped them earn revenue from the partners.
The report further claimed that in some cases apps by Cheetah Mobile launched the downloaded apps themselves to claim credit for the download and earn money.
The apps by Cheetah Mobile accused of fraudulent ad practices include Clean Master, CM File Manager, CM Launcher 3D, Security Master, Battery Doctor, CM Locker and Cheetah Locker, while the app by Kika Tech includes Kika Keyboard. The affected apps require users to a variety of permissions including the permission to track key strokes.
Notably, both Cheetah Mobile and Kika Tech have denied any wrongdoing and blamed the third-party software development kits (SDks) for the issue. However, Kochava’s research suggests that the SDKs were in turn owned by these companies and not some third-party developers.