Cheetah Mobile and another Chinese firm accused of mobile ad download fraud

Mobile ad fraud is a growth industry. According to a Q1 2018 report (.pdf) from AppsFlyer, “mobile app marketers were exposed to 30 percent more fraud (as compared to the 2017 quarterly average), reaching $700-$800 million worldwide. The share of fraudulent installs has also grown by 15%, tainting 11.5% of all marketing-driven installs.”

Chinese firms accused of claiming credit for downloads. In that context, BuzzFeed News reports that, according to app analytics company Kochava, seven apps owned by Chinese firm Cheetah Mobile are accused of engaging in app-download fraud. Cheetah has denied the allegations. An app owned by another Chinese firm called Kika Tech is also similarly accused.

Specifically, the Cheetah and Kika apps are alleged to have fraudulently claimed credit for third party app downloads on phones where their apps were installed. The type of fraud here is called “click injection,” where SDKs on a user’s phone create fake clicks to fraudulently claim attribution. The apps in question include Clean Master, Battery Doctor and Cheetah Keyboard among others. Cheetah has blamed any fraud on third party SDKs integrated with its apps.

A larger pattern of Google Play fraud. The BuzzFeed report is a sequel to a report last month that discovered “a sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere.” Many of the apps in question were games.

Following the report, Google took action and removed many of those dubious apps.

What matters to marketers. Mobile ad and app-install fraud is a significant problem that needs more aggressive policing. But it also requires vigilance by marketers and advertisers to ensure that clicks and installs are legitimate. Publishers and networks need to be monitored and periodic traffic/download experiments need to be performed to ensure that downloads are actually happening.

Click injection, however, is difficult to detect because the event in question typically did happen, a third party is just seeking to wrongfully claim credit.