For a long time, the Play Store could be considered a wild west of app distribution, especially when compared to Apple's inherently more restrictive App Store. However, Google is working on improvements and is becoming stricter, including for app permissions. Nevertheless, we are again in the store with a new ad fraud program in the footsteps of last year's Cheetah Mobile investigation. Another Chinese app developer, DO Global, is said to have included code in their apps that automatically clicks ads without the users' knowledge.
BuzzFeed News unveiled these results in collaboration with security researchers Check Point and Method Media Intelligence. They found that the app developer in question was a spin-off of Chinese giant Baidu, who became independent only last year. The apps reached more than 90 million downloads before Google deleted the entries.
DO Global's products are primarily sketchy. They replicate all system functions such as camera and flashlight or promise to clean up the phone to make it faster, which often slows down the phones. But see for yourself, these are the six remote apps: Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight, and Omni Cleaner.
There are two parts of this scam. First, DO Global was not listed as a developer for most of these apps, but instead used a US parent company for publication on the Play Store. This makes users believe that they are installing an American product. This is of course against the policies of Google. Second, the apps have been programmed to automatically click on ads and steal money from advertisers who are not receiving real user interaction with their offers. Because this was done in the background while the screen was off, users may have had worse battery life and unexpected data bills.
BuzzFeed News also mentions that many apps in the Play Store abuse permissions and non-transparent privacy policies to suck users' personal information, but they do not point to specific apps or developers.
We can only hope that Google will continue to take more control of the Play Store and in fact force app developers to enforce its customer protection policies. The company has already started to do so by requesting higher target APIs and examining phone and SMS permissions more closely.
Given the serious allegations against DO Global, it was only a matter of time before we would see a response. While Google has not yet made a full public statement, it looks as if it would completely ban the developer.
BuzzFeed reports that dozens of apps associated with DO Global have already been removed from the Play Store and more are expected to follow. Although Google has not fully confirmed how many apps should be removed, or whether this is a formal ban on DO Global, an insider source describes this situation.
It could be an extreme for Google to take these measures, but given the charges brought against DO Global, one that would be hard to argue with is unjustified. Ultimately, it is in Google's best interests to do everything to prevent developers from violating their policies, and this may be an attempt to show that even high-profile developers are not immune from impact.