Even though the Google Play Store is known for its abundance of apps, it is far more vulnerable to apps that attack user’s privacy and security to earn ad revenue and more. An investigation made by security firm Check Point, ESET, Method Media Intelligence in collaboration with Buzzfeed found out that there are at least six apps that conduct ad fraud and download fraud and also send data to their servers in China without user consent.
As the report is followed, it was found out that these six apps belong to an app development company called DU Global which is based in China. The company is a spin-off of original Baidu which is alarming at this instance itself. Further, the report was able to pinpoint at least six apps from DU Global which seeks permissions far more invasive than what it is meant for and more.
To put things into context, apps sign up with Google Ads or other advertising company to show ads on apps that earn revenue whenever a user views it while they could earn more if the user clicks on an ad. The investigation found out that these six apps periodically click on these ads in the background without user consent while consuming data, battery, and other resources to earn revenue.
These apps include Total Cleaner, Selfie Camera, RAM Master, Omni Cleaner, AIO Flashlight, and Smart Cooler from DU Global have been reportedly removed from Google Play Store now. The report further explains that Selfie Camera, an app that enables taking selfies has over 50 million downloads alone. The app practices, not just ad fraud which is when it shows ads and clicks on it either in the background or anyways but it also does download fraud which is basically when it monitors and stores details about downloads and sends it to the server in China.
At times, you might have seen that a new third-party app has popped up on your device without your consent which is a clear example of download fraud where one of the apps installed on your device downloaded the app in the background without user consent.
As Android firmware is getting advanced, it now lets users check out the permissions asked by any app and whether or not to grant it. Emoji Flashlight which is basically what it sounds likes, a Flashlight, has over 5 million downloads and asks for 30 permissions to start with including seven dangerous ones. The app Samsung TV Remote Control from peel Technologies request access to 58 permissions which is alarming and could land you in trouble as these apps have the tendency to record audio, video, capture cryptocurrency data, and other valuable details and send it back to their servers.
Last year, Google removed more than 200 apps from the Google Play Store that were practicing ad fraud. Google has been trying to get rid of these untrustworthy apps and is hiring people to monitor apps on Play Store and remove it if it violates its policies. The best way to escape clutches of such fraudulent apps is to read reviews at the bottom of Google Play Store app page which is explanatory enough to give you a glimpse of what these apps offer and how.