Security researchers have disrupted an ongoing mobile app ad fraud scheme operating through MoPub, the mobile advertising platform owned by Twitter. The rogue apps generate more than $250,000 (£172,351, €224,466) in revenue per day through the ad fraud.
Researchers at Sentrant Security, which conducted the investigation into the scheme, claim to have identified a total of 247 apps containing the ad fraud code available for download in the Google Play Store, and estimate total installations at between 282,998 and 1,193,665. Google, after being notified by Sentrant, removed all the rogue apps from the Play Store.
"In reaction to our communication with Google, all apps have been removed from the Play Store. But apps already installed on user devices would not be affected as users would need to uninstall the apps themselves," Hadi Shiravi, the co-founder of Sentrant Security, told IBTimes UK.
Shiravi also said that this is one of the most sophisticated ad fraud schemes to have targeted mobile apps, with hundreds of thousands of devices running code that runs non-viewable ads in the background.
According to Sentrant, the ad fraud scheme was developed and operated by mobile app company Academ Media, which has a network of over 20 shell companies to execute the fraud operation by targeting Twitter's MoPub, the largest mobile ad exchange.
Meanwhile, Academ Media, a private company based in the Siberian city of Novosibirsk, denied the allegations. It claimed its systems were hacked by attackers, who stole its data a year ago and modified the company's apps to commit advertising fraud.
Tim Prokhorov, head of business relation at Academ Media, told the Financial Times that the company is in no way related to these new apps and that they must have been created by hackers using the code stolen earlier.
Ad fraud through Twitter's MoPub
Sentrant claims the custom ad fraud code was integrated into several legitimate apps. The fraudsters used two distinct techniques to hide the ad fraud: proxy detection and a long sleep duration. Both techniques help the code bypass detection.
The fraudsters target MoPub by inserting the ad fraud code directly into MoPub's advertising software development kit (SDK) and then rebuilding a custom version of the SDK. To bypass the ad fraud detection mechanism, the custom SDK spoofs the device ID along with other parameters such as manufacturer, product, device height and width.
Google in its response said, "While we don't comment on specific apps, we can confirm that our Google Play policies are designed to provide a great experience for users and developers. That's why we remove apps from Google Play that violate those policies."