Google Play Store is a premier global marketplace to distribute innovative apps and games. Its stringent developer policies make this online platform world’s most trusted source for apps and games.

Billions of Android and Windows users rely on  Play Store to download any app or games.

In the recent past,  Play Store has faced an uphill battle to house several fraudulent apps in the play store. In spite of iron-fisted efforts undertaken by Google to keep fraudulent activities miles away, cunning app owners adopt deceptive tactics to set their foot into the Play store and worse, stay there.

Digital frauds include phishing, crypto-jacking, Trojan, card skimming to name a few. However, the tactics adopted in this scam are completely new and involves great level of intelligence.

Recent research reveals that this digital distribution service was targeted by cyber-criminals who used more than 125 established apps to track user behavior & mint money through ad views/ clicks.

The Apps that were leveraged include:

• The apps that have been installed more than 115 million times on Android phones.
• Theses apps belonged to various categories, mostly gaming apps. Others include flashlight, selfie, healthy eating apps and more.
• One app connected to the scheme EverythingMe had more than 20 million installs.

The insights of the fraud are as follows:

1. A front company called ‘We Purchase Apps’ reached out to popular app Developers offering them to buy their legitimate and popular apps that had overall positive review available on Google Play and promised to help them generate more revenue and keep them afloat.
2. In order to conceal the size of the operation & obscure its true ownership, the ownership of the apps was shifted to various shell companies that were distributed over many countries like Israel, Malta, Bulgaria, Cyprus, and British Virgin Islands.
3. These companies utilized developer access to secretly monitor and analyze human interactions with these apps. This behavior was used to programme a huge network of bots that ran from servers to mimic the human audience.
4. The sole purpose behind this whole activity was to generate fraud traffic. These bots were made to use the apps to increase overall app engagement.
5. The bot traffic was blended with real user traffic, to serve as a cover for the cloned traffic.
6. These bots were also leveraged to generate additional revenue via ad views. Since this fake traffic bypassed fraud detection systems, ads viewed by these masked bots earned millions of dollars to the app developers. 

Consequences of the Operation

The fraudsters worked with the biggest partners [in digital advertising] to earn maximum profits and to ensure the ongoing flow of advertisers and money.

1. The fraud generated revenue of $750 million from a single mobile Android Application.
2. The advertiser’s using Google ad network to place ads on the affected websites and apps were swindled of around $10 million
3. The scheme also exposes the presence of other frauds, malware, and other risks that affect Google’s mobile ecosystem.

Measures adopted by Google after the fraud exposure

1. Google immediately jumped into action after being informed about the fraudulent scheme, following which it claimed to have removed the fraud Android Applications.
2. Further, claims to have blacklisted additional apps and websites that are outside its ad networks depriving advertisers using Display and Video 360 from buying any traffic.

Google promises to continue monitoring this operation and take strict action in case it finds additional invalid traffic.